Re: first successful (lab) spoof of a fully source port randomized server reported

Paul Vixie <vixie@isc.org> Sun, 10 August 2008 18:37 UTC

From: Paul Vixie <vixie@isc.org>
To: Alex Bligh <alex@alex.org.uk>
cc: sthaug@nethelp.no, jeroen@unfix.org, namedroppers@ops.ietf.org
In-Reply-To: Your message of "Sun, 10 Aug 2008 09:54:34 +0100." <1BDC660168661516D7087994@nimrod.local>
References: <20080808111242.GI6566@outpost.ds9a.nl> <20080808.132607.41660169.sthaug@nethelp.no> <489C324B.1090603@spaghetti.zurich.ibm.com> <20080810.093718.74690983.sthaug@nethelp.no> <1BDC660168661516D7087994@nimrod.local>
Date: Sun, 10 Aug 2008 18:30:57 +0000
Message-ID: <59801.1218393057@nsa.vix.com>

> >> add     pipe 1  udp     from any 53 to 204.152.188.20 in
> >> pipe 1  config  mask src-ip 0xffffffff buckets 32768 bw 56Kbit/s queue 1

> ...I think we've just succeeded in converting a poisoning attack into a
> DoS vector. Just spoof the IPs of the root nameservers, or NS for
> google.com or whatever. I realise DoS of root nameserver access is
> probably less dangerous than poisoning then, but...

there are easier ways to DoS a nameserver.  this isn't an exciting new vector.
