Despite being delicately handled and patched at an unprecedented rate, Kaminsky's DNS vulnerability researc may have opened up a huge can of worms. Russian developer Evgeniy Polyakov has announced that fully patched DNS systems are still vulnerable to poisoning.
From his blog, Zbr's Days:
Two attacking servers, connected to the attacked one via GigE link, were used, each one attacked 1-2 ports with full ID range. Usually attacking server is able to send about 40-50 thousands fake replies before remote server returns the correct one, so if port was matched probability of the successful poisoning is more than 60%.
Attack took about half of the day, i.e. a bit less than 10 hours. So, if you have a GigE lan, any trojaned machine can poison your DNS during one night... [From Zbr's days.]
This has also been mentioned in the New York Times and the Inquirer. He has posted his proof of concept code here.
Leave a comment