Applications and the infamous DNS vulnerability
From: Don Marti <dmarti <at> zgp.org>
Subject: Applications and the infamous DNS vulnerability
Newsgroups: gmane.linux.elitists
Date: 2008-07-24 16:40:04 GMT
On a properly set up home or office network, it should be difficult to poison the nameserver completely from the outside -- for a long time it's been best practice to put your public DNS on a separate machine.

Of course an attacker can easily trick an application on the inside into doing a bunch of DNS queries -- the simplest example is that a user could visit a malicious web page with a bunch of images.

Should applications that handle untrusted data be keeping track of the number of times they get NXDOMAIN for subdomains of one domain -- some kind of wrapper around getaddrinfo -- then refusing to query again if there are so many that it looks like an attack? Maybe with a "I'm not looking up another randomcrap.example.com domain for you" dialog, or maybe just stop processing the offending web page or whatever other data source is causing the queries?

-- 
Don Marti                    +1 415-734-7913 mobile
http://zgp.org/~dmarti/      dmarti <at> zgp.org
Linux device driver unconference: http://freedomhec.org/
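The wrapper the post proposes, written out as an added example (this is editor-supplied code, not something Don Marti or any project shipped): a getaddrinfo-style lookup is counted per parent domain whenever the resolver answers NXDOMAIN, and once a sliding-window threshold is reached further lookups under that domain are refused instead of sent. The "parent domain" rule (last two labels) and the fake resolver, threshold, window and the constructed list of image hostnames are all assumptions made for the demo; real code would consult the public suffix list and call the real `socket.getaddrinfo`, which the class does by default.

```python
import socket
import time
from collections import Counter, defaultdict, deque

# getaddrinfo reports "no such name" (NXDOMAIN) as EAI_NONAME. EAI_NODATA and
# EAI_AGAIN are different failures and are deliberately not counted.
EAI_NONAME = getattr(socket, "EAI_NONAME", -2)


class LookupRefused(Exception):
    """Raised instead of querying when a domain looks like it is being probed."""


def parent_domain(hostname):
    """Assumption for this example: the last two labels are the domain whose
    subdomains we count. Real code should use the public suffix list, or every
    *.co.uk site ends up sharing one counter."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


class GuardedResolver:
    """Wraps a getaddrinfo-style call, counts NXDOMAIN answers per parent domain
    inside a sliding time window, and refuses further lookups under that domain
    once the count reaches max_nxdomain."""

    def __init__(self, max_nxdomain=10, window=60.0, resolve=None, clock=None):
        self.max_nxdomain = max_nxdomain
        self.window = window
        self._resolve = resolve or (lambda h: socket.getaddrinfo(h, None))
        self._clock = clock or time.monotonic
        self._nx = defaultdict(deque)  # parent domain -> NXDOMAIN timestamps

    def _recent_nxdomains(self, parent, now):
        q = self._nx[parent]
        while q and now - q[0] > self.window:  # drop answers outside the window
            q.popleft()
        return len(q)

    def lookup(self, hostname):
        parent = parent_domain(hostname)
        now = self._clock()
        if self._recent_nxdomains(parent, now) >= self.max_nxdomain:
            raise LookupRefused("not looking up another %s name: %d NXDOMAINs "
                                "in the last %gs" % (parent, self.max_nxdomain,
                                                     self.window))
        try:
            return self._resolve(hostname)
        except socket.gaierror as err:
            if err.errno == EAI_NONAME:
                self._nx[parent].append(now)  # count only real NXDOMAINs
            raise


def lookup_outcome(resolver, hostname):
    """Classify one lookup as 'answered', 'nxdomain', 'refused' or 'error'."""
    try:
        resolver.lookup(hostname)
        return "answered"
    except LookupRefused:
        return "refused"
    except socket.gaierror as err:
        return "nxdomain" if err.errno == EAI_NONAME else "error"


# --- Constructed offline demo: a fake resolver stands in for the real one ---

def fake_resolve(hostname):
    """Constructed data: only www.example.com exists; any other example.com
    name is NXDOMAIN; names elsewhere resolve."""
    if hostname == "www.example.com":
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.1", 0))]
    if hostname.endswith(".example.com"):
        raise socket.gaierror(EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("198.51.100.7", 0))]


def process_page(image_hosts, max_nxdomain=10):
    """Resolve each image host the way a browser would and return the counts
    (answered, nxdomain, refused)."""
    resolver = GuardedResolver(max_nxdomain=max_nxdomain, resolve=fake_resolve)
    tally = Counter(lookup_outcome(resolver, h) for h in image_hosts)
    return tally["answered"], tally["nxdomain"], tally["refused"]


# Constructed "malicious page": 30 <img> tags under random-looking example.com
# names, with a couple of legitimate hosts mixed in before and after.
MALICIOUS_PAGE_HOSTS = (["www.example.com", "cdn.example.net"]
                        + ["img%04d.example.com" % i for i in range(30)]
                        + ["www.example.com"])

if __name__ == "__main__":
    print(process_page(MALICIOUS_PAGE_HOSTS))
```

With the threshold at 10, the page above gets two answers, ten NXDOMAINs that are actually sent to the resolver, and 21 refusals: the remaining twenty random names and also the trailing legitimate www.example.com, which is the "stop processing the offending page" behaviour rather than a per-name allowlist. Two caveats a practitioner would want: the counter lives in one process, so an attacker who spreads the queries across several applications or page loads is only slowed down, and nothing here changes what the resolver itself does with the queries it still receives; the guard is a damage limiter on top of resolver-side fixes such as source port randomization, not a replacement for them.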