Re: DNS Hack - TCP-IP



Thread: Re: DNS Hack

  1. Re: DNS Hack

    WLH> I surmise from this article that any DNS can be compromised by simple
    WLH> tools and converted to act as a forwarding message server for all kinds
    WLH> of nefarious deeds.
    WLH>

    Actually, it's just the re-discovery of the well-known notion that covert
    channels are nigh on impossible to block. (This idea was known in
    1973. Grab your nearest copy of Tannenbaum's _Operating Systems: Design
    and Implementation_ and read chapter 5.)

    WLH> I'd suggest all who run their own DNS take heed of this and parse DNS
    WLH> messages before giving them to a DNS for both internal and external
    WLH> communications, eg. proxy the DNS.

    That won't do any good at all. The communicated data are encoded as
    perfectly legitimate DNS transactions.

  2. Re: DNS Hack

    Sir:

    Jonathan de Boyne Pollard wrote:
    > WLH> I surmise from this article that any DNS can be compromised by simple
    > WLH> tools and converted to act as a forwarding message server for all kinds
    > WLH> of nefarious deeds.
    > WLH>
    >
    > Actually, it's just the re-discovery of the well-known notion that covert
    > channels are nigh on impossible to block. (This idea was known in
    > 1973. Grab your nearest copy of Tannenbaum's _Operating Systems: Design
    > and Implementation_ and read chapter 5.)

    Just like the one in Ident that I've had the pleasure to mess with this
    week, since someone took up my request to look at a bug in identd that I
    found.
    >
    > WLH> I'd suggest all who run their own DNS take heed of this and parse DNS
    > WLH> messages before giving them to a DNS for both internal and external
    > WLH> communications, eg. proxy the DNS.
    >
    > That won't do any good at all. The communicated data are encoded as
    > perfectly legitimate DNS transactions.

    That is what needs to be parsed. There are some packets that have
    undefined, general-purpose data fields. These need to be checked to see
    that the data is within bounds for normal DNS, and not extraneous stuff.
    On Windows this is how several viruses spread or call home with your
    credit card data. Since I don't have the slightest idea what the normal
    bounds for these data fields are, I am stymied, stifled.
    --
    Bill
    Thanks a Million!
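A defender-side illustration of the point both replies circle around, added here and not from any of the posters: RFC 1035 size checks, which data smuggled in legitimately formed query names passes, alongside a crude length-plus-entropy heuristic that can still flag such names for review. The sample query names are constructed for this example, and the thresholds are assumptions to be tuned against local traffic.

```python
import math
from collections import Counter

# Constructed sample query names (not from the thread): two ordinary
# lookups and two whose leftmost label carries hex- and base64-encoded text.
SAMPLE_QNAMES = [
    "www.example.com",
    "mail.example.org",
    "4e6f74207265616c6c792061206e616d65.t.example.net",
    "aGVsbG8gd29ybGQgdGhpcyBpcyBkYXRh.x.example.net",
]


def rfc_bounds_ok(qname: str) -> bool:
    """RFC 1035 limits only: each label 1..63 octets, whole name <= 255 wire
    octets (253 characters in presentation form). Tunnelled data that
    respects these limits passes, which is the first reply's point."""
    name = qname.rstrip(".")
    if len(name) > 253:
        return False
    return all(0 < len(label) <= 63 for label in name.split("."))


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the label's character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_like_tunnel(qname: str, max_label: int = 20,
                      min_entropy: float = 3.0) -> bool:
    """Heuristic (assumed thresholds): a long leftmost label with a flat
    character distribution is unlike a human-chosen hostname label."""
    first = qname.rstrip(".").split(".")[0]
    return len(first) > max_label and shannon_entropy(first) > min_entropy


def classify(qnames):
    """Return, per name, whether it is RFC-conformant and whether the
    heuristic would flag it for closer inspection."""
    return {q: {"rfc_ok": rfc_bounds_ok(q), "suspicious": looks_like_tunnel(q)}
            for q in qnames}


if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_QNAMES).items():
        print(f"{name:50} rfc_ok={verdict['rfc_ok']} suspicious={verdict['suspicious']}")
```

All four sample names are RFC-conformant, so a bounds check alone separates nothing; only the statistical heuristic flags the two encoded labels, and it will also misfire on some legitimate long labels, so its output is a review queue, not a verdict.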

  3. Re: DNS Hack

    On Sat, 7 Aug 2004 16:43:29 UTC, Jonathan de Boyne Pollard wrote:

    > Actually, it's just the re-discovery of the well-known notion that covert
    > channels are nigh on impossible to block. (This idea was known in
    > 1973. Grab your nearest copy of Tannenbaum's _Operating Systems: Design
    > and Implementation_ and read chapter 5.)

    But if you're trying to look it up, use the name "Tanenbaum" as it will
    match much more easily...

    In the first edition, you'll need page 297, and in the second edition
    it is much later, on page 451.
