Some stupid ideas

Posted Aug 13, 2008 19:13 UTC (Wed) by drag (subscriber, #31333)
In reply to: Some stupid ideas by rvfh
Parent article: Details of the DNS flaw revealed

> Although I don't know what to do with that information...

Block him with firewall rules, would be my guess, or build it into the DNS server to deny
them. Similar to setting up rules to block people that attempt to brute-force an ssh password
or whatnot.

Of course that would lead to interesting DoS possibilities. Like having some goofy webpage or
emailing somebody an HTML email that has images that link to thousands of non-existent
servers with fake DNS names.


(Log in to post comments)

Some stupid ideas

Posted Aug 13, 2008 20:46 UTC (Wed) by darwish07 (guest, #49520) [Link]

The packets do not have to have the same IP source address and UDP port.

This is UDP; the attacker's source IP address can be changed every time a new packet is sent
without affecting the end result.

Some stupid ideas

Posted Aug 14, 2008 6:02 UTC (Thu) by rvfh (subscriber, #31018) [Link]

Yeah, the last thing we want is to turn a defensive measure into a DoS vulnerability :-)

DNS hacking: Blacklisting source IP address

Posted Aug 15, 2008 20:42 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

> This is UDP; the attacker's source IP address can be changed every time a new packet is sent without affecting the end result.

The source IP address is not UDP; it's basic IP. The attacker can't simply choose the source IP address because whoever routes his IP packet into the Internet will not accept it if its source IP address is someone else's (and the attacker isn't trusted as a router for that someone).

You have to pull off a pretty high level hack of the Internet before you can spoof a source IP address.

DNS hacking: Blacklisting source IP address

Posted Aug 16, 2008 8:21 UTC (Sat) by dlang (subscriber, #313) [Link]

Actually, there are large chunks of the Internet that do not check the source IP when routing
the packets.

And once you get a hop or so from the source (real or forged) this is necessary because the
routers could be dealing with packets from just about anywhere.

In theory every company/personal router and every ISP border router (both to the customers and
to other ISPs) has such filters.

In practice relatively few of them do.

This is even true of the major international peering points. Every year or so you hear of a
country that got knocked off the Internet due to mistakes that someone makes with BGP routing
configuration. These usually get detected and fixed within a short time and so don't make the
news, but every once in a while the outage lasts long enough to get attention.

I've been at the receiving end of enough forged attacks to know that it's definitely possible.

Although I'll admit that with botnets getting as large as they are, forged packets are not
used as much as they used to be.

DNS hacking: Blacklisting source IP address

Posted Aug 23, 2008 12:06 UTC (Sat) by darwish07 (guest, #49520) [Link]

Yes, I agree, but what I meant is that UDP puts fewer restrictions on the sender IP address.

IP forging can happen more easily with UDP since no handshake or any kind of replies are needed. Only the forged packet is enough.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds