Re: Possible fix for Kaminsky's bug
At Tue, 2 Sep 2008 16:51:55 -0400,
"L. Gabriel Somlo" <firstname.lastname@example.org> wrote:
> > Of course, if the recursive server has cached a valid www.cnn.com/A,
> > the result of the attack won't be effective until it expires. But
> > once it expires, the attacker gets the full control of it and keeps
> > the situation as long as they want. (This is different from how the
> > TTL matters in the traditional brute force attacks).
> I tried that, and it doesn't work if the victim server already has an
I also tried that successfully. What exactly did you try, and how
didn't it work?
> A record for www.cnn.com cached. The attack you described relies on
> there being nothing in the cache for www.cnn.com. The presence of an A
> record means the attack must succeed before the valid A record gets
> cached or wait until after it expires and before it gets renewed again.
No, the presence of an A record simply means the attack is not
effective until the A record expires (the attack itself succeeds
anytime unless the server also caches www.cnn.com./NS, which is very
unlikely). When "it gets renewed again", the server is already
poisoned with the forged NS, and it will be poisoned with a forged A
record by the forged NS.
Internet Systems Consortium, Inc.
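The cache interaction described in the reply above, as an added illustration that is not code from this thread, from BIND or from ISC. It is a toy model of a recursive resolver cache: the forged NS for www.cnn.com. is accepted whenever the attacker wins the race, the cached A record shields the victim only until its TTL runs out, and the one case that blocks the injection is an already-cached www.cnn.com./NS. All names, addresses and TTLs are constructed assumptions (RFC 5737 documentation addresses); the attacker's name server name and the `NS_ADDRESSES` table are hypothetical.

```python
"""Toy model of the cache interaction discussed in the thread above.

Added illustration for this page; it is not code from the thread, from BIND
or from ISC.  It models a recursive resolver cache as (name, type) -> (rdata,
expiry) and two authoritative servers: the real cnn.com server and a
hypothetical attacker-controlled server.  All names, addresses and TTLs are
constructed assumptions (RFC 5737 documentation addresses).
"""

LEGIT_NS_ADDR = "192.0.2.1"          # assumed address of ns1.cnn.com.
LEGIT_WWW_ADDR = "192.0.2.10"        # assumed real address of www.cnn.com.
ATTACKER_NS_NAME = "ns.attacker.example."   # hypothetical attacker name server
ATTACKER_NS_ADDR = "203.0.113.1"     # assumed, attacker-controlled
ATTACKER_WWW_ADDR = "203.0.113.10"   # forged address the attacker wants cached

# Addresses of name servers as the resolver would learn them.  The attacker
# legitimately controls attacker.example, so its NS name resolves correctly
# without any further forgery.
NS_ADDRESSES = {"ns1.cnn.com.": LEGIT_NS_ADDR, ATTACKER_NS_NAME: ATTACKER_NS_ADDR}


class Cache:
    """Minimal TTL-aware cache keyed by (owner name, RR type)."""

    def __init__(self):
        self.entries = {}

    def get(self, name, rrtype, now):
        entry = self.entries.get((name, rrtype))
        if entry is None or entry[1] <= now:   # missing or expired
            return None
        return entry[0]

    def put(self, name, rrtype, rdata, ttl, now):
        self.entries[(name, rrtype)] = (rdata, now + ttl)


def authoritative_a_answer(server_addr, qname):
    """What each (constructed) authoritative server says for an A query."""
    if server_addr == LEGIT_NS_ADDR:
        return (LEGIT_WWW_ADDR, 300)
    if server_addr == ATTACKER_NS_ADDR:
        return (ATTACKER_WWW_ADDR, 86400)
    raise ValueError("unknown server %s" % server_addr)


def resolve_a(cache, qname, now):
    """Resolve qname/A: answer from cache if fresh, otherwise follow the NS
    the cache holds for qname itself, falling back to the cnn.com server."""
    cached = cache.get(qname, "A", now)
    if cached is not None:
        return cached
    ns_name = cache.get(qname, "NS", now)
    server = NS_ADDRESSES[ns_name] if ns_name else LEGIT_NS_ADDR
    addr, ttl = authoritative_a_answer(server, qname)
    cache.put(qname, "A", addr, ttl, now)
    return addr


def inject_forged_ns(cache, target, now, ttl=86400):
    """Model a won Kaminsky race: the spoofed reply to a query for a random
    name under cnn.com carries 'target NS ns.attacker.example.' in its
    authority section.  The record is in-bailiwick for cnn.com, so the
    resolver caches it unless it already holds an NS RRset for target.
    Returns True if the forged NS was accepted."""
    if cache.get(target, "NS", now) is not None:
        return False
    cache.put(target, "NS", ATTACKER_NS_NAME, ttl, now)
    return True


def run_scenario(prime_ns):
    """Timeline from the thread.  prime_ns=True models the unlikely case in
    which www.cnn.com./NS is already cached.  Returns what the resolver
    handed out at each step."""
    cache = Cache()
    target = "www.cnn.com."
    if prime_ns:
        cache.put(target, "NS", "ns1.cnn.com.", 3600, 0)
    before = resolve_a(cache, target, now=0)           # legit A cached, TTL 300
    accepted = inject_forged_ns(cache, target, now=10)  # attack while A is fresh
    while_cached = resolve_a(cache, target, now=100)   # A still fresh: unaffected
    after_expiry = resolve_a(cache, target, now=301)   # A expired: NS decides
    return {"accepted": accepted, "before": before,
            "while_cached": while_cached, "after_expiry": after_expiry}


if __name__ == "__main__":
    for prime in (False, True):
        print("www.cnn.com./NS pre-cached:", prime, run_scenario(prime))
```

With no NS cached for www.cnn.com., the injection at t=10 is accepted, the answer at t=100 is still the real address because the A record has not expired, and the first lookup after expiry is sent to the attacker's server and caches the forged A record. With www.cnn.com./NS already in the cache the forged NS is refused and the post-expiry lookup goes back to the real server.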