[p2p-hackers] DNS hijacking?

David Barrett dbarrett at quinthar.com
Mon May 25 17:20:29 EDT 2009


I'm primarily thinking of a wifi office or internet cafe; can't 
everybody sniff everybody else's traffic (including DNS requests)?  Does 
this mean that every wifi network is vulnerable to this really easy 
attack, and there's basically no defense other than upgrading all of DNS?

I guess I'm just late to party on realizing this.  Why doesn't this 
happen more often?  I'd think every virus out there would be doing this, 
if not to inject ads or whatever, but to just silently wait for anybody 
to download any executable content and inject itself into the stream.

-david

Matthew Kaufman wrote:
> David Barrett wrote:
>> Why wouldn't this work?  And is there any real protection against this?
>>
>>   
> DNSSEC would protect against this, but it essentially isn't deployed.
> 
> Of course your attack relies on being able to sniff the traffic going 
> towards the DNS server. If you're in a position to send/receive on the 
> LAN, you can just ARP-hijack the router itself, or take over any TCP 
> session that does get opened with Google, or install software on the 
> host that trusts other things on its LAN more than it trusts "the 
> Internet" and so opens up the ability for you use RPC attacks and the like.
> 
> The bigger issue is the one that was publicized a few months ago, where 
> I convince you to look up an address at my server, and then I use that 
> info to predict the sequence number you'll use in your subsequent 
> request for Google.com. The only defense is to use better random numbers 
> over a larger space, and even that isn't perfect protection.
> 
> Matthew Kaufman
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers at lists.zooko.com
> http://lists.zooko.com/mailman/listinfo/p2p-hackers



More information about the p2p-hackers mailing list