* Posts by Craig Wright

3 publicly visible posts • joined 10 Jul 2008

Exploit code for Kaminsky DNS bug goes wild

Craig Wright
Flame

Still Patching

My comment is why is this worse than the general issue with patching.

If I go audit an ISP and discover root comprimises on all their DNS's - as has occured twice in the last 2 weeks, why is this the big issue?

I still do not see basic security in place.

Shocker DNS spoofing vuln discovered three years ago by a student

Craig Wright
Thumb Down

Old stuff

I am interested in seeing if there is anything REALLY new from a number of the following:

Schuba, C., "Addressing Weaknesses in the Domain Name System Protocol", Master's thesis, Purdue University Department of Computer Sciences, August 1993.

Bellovin, Steven M. (1995) "Using the Domain Name System for System Break-ins" pp.199-208 in Proceedings of the 5th USENIX UNIX Security Symposium, Salt Lake City, Utah. Berkeley, CA: USENIX Association.

Bellovin, Steven M. (1989). “Security Problems in the TCP/IP Protocol Suite,” Computer Communications Review, 19(2):32-48.

R. T. Morris. A Weakness in the 4.2BSD UNIX TCP/IP Software. Computing Science Technical Report No. 117, AT&T Bell Laboratories, Murray Hill, New Jersey, February 1985

In particular, Schuba's work in the early 90's seems to address all the aspects mentioned in the July CERT release.

In the links above nothing is listed as these where articles on the paper. I did some tests in 2000 based on Schuba's paper and a couple newer cache poision attacks. As there were many servers taht where vulnerable to root level compromises nothing came of the cache poisioning.

I ran a test earlier in the year where I again tested versioning and found over 16% of the tested systems where so old as to be vulnerable to remote compromise. I see this as a far worse situation even if most of these are on the proverbial outskirts.

Craig Wright
Alien

Way old...

This was one of the many issues I noted in a 2000 report on DNS. ICANN stated my "study was flawed" and got the lawyers involved.

http://news.cnet.com/Security-firm-warns-of-outdated-software/2100-1023_3-241876.html

http://www.zdnet.com.au/news/security/soa/80-000-Domains-at-Risk-DNS-problems-plague-Australia-/0,130061744,120101062,00.htm