Hi, The DNS paper is not at the mentioned URL since it was published in phrack instead, and can be found at the URL http://www.phrack.org/show.php?p=62&a=3 > -----Original Message----- > From: have2Banonymous [mailto:a637831@xxxxxxxxx] > Sent: Monday, July 12, 2004 5:46 AM > To: bugtraq@xxxxxxxxxxxxxxxxx > Subject: The Impact of RFC Guidelines on DNS Spoofing Attacks > > > EXECUTIVE SUMMARY > > This paper provides a brief overview of basic Domain Name System (DNS) > spoofing attacks against DNS client resolvers. Technical challenges are > proposed that should help to both identify attempted attacks and prevent > them from being successful. Relevant Request for Comments (RFC) > guidelines, used by programmers to help ensure their DNS resolver code > meets specifications, are reviewed. This results in the realisation > that the RFC guidelines are not adequately specific or forceful to help > identify or prevent DNS spoofing attacks against DNS client resolvers. > Furthermore, the RFC guidelines actually simplify such attacks to a > level that has not previously been discussed in the public domain until > now. > > To highlight the consequences of merely conforming to the RFC guidelines > without considering security ramifications, an example DNS spoofing > attack against the DNS resolver in Microsoft Windows XP is provided. > This illustrates serious weaknesses in the Windows XP DNS resolver > client implementation. For example, Windows XP will accept a DNS reply > as being valid without performing a thorough check that the DNS reply > actually matches the DNS request. This allows an attacker to create a > malicious generic DNS reply that only needs to meet a couple of criteria > with predictable values in order to be accepted as a valid DNS reply by > the targeted user. > > This paper discusses the practical impact of the issues raised, such as > the ability to perform a successful and reasonably undetectable DNS > spoofing attack against a large target base of Windows XP users, without > the attacker requiring knowledge of the DNS requests issued by the > targeted users. Finally, a comparison with the DNS resolver in Debian > Linux is supplied. > > > The paper can be found at the following URL: > http://members.ozemail.com.au/~987654321/impact_of_rfc_on_dns_spoofing.p > df > __________________________________ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/
