Wednesday, July 16, 2008
Weighing in on the DNS thing...
My quick thoughts on the Kaminsky DNS thing, though I'm a little late to the party. Apparently it's a real thing. I spoke with someone who's lucky enough to be in the Magical Inner Circle of Truth and he agreed.
I have nothing but wild speculation here. I read through the BIND source a little, and I may be barking up the wrong tree, but it looks like the resolver doesn't randomize the QID for every query. Rather, it keeps a QID pool and checks for collisions before assigning an ID. Therefore, if you were to send a large number of queries to a bogus server where they will time out, you could effectively take those QIDs out of play. If this is a server you control, you are then able to drastically reduce the search space, since you know which QIDs you don't have to try.
Just a thought.
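To make the speculation above concrete, here is a small model of the behaviour the post hypothesizes. This is an added illustration and not BIND source or a claim about what BIND actually does: it assumes a resolver that picks a random 16-bit QID but refuses to reuse an ID that is still in flight, and then measures how much an attacker shrinks the guessing space by pinning IDs with lookups that never get answered. The class and function names (`PooledResolver`, `pin_qids`, `candidate_qids`, `victim_query_avoids_pinned`) are invented for the example.

```python
"""Toy model of the QID-pool behaviour the post speculates about.

Added example, not BIND code.  The resolver below keeps a set of in-flight
query IDs and will not hand out an ID that is already outstanding; the
attacker then parks lookups at a server that never replies so those IDs
stay occupied and the victim's next query must land elsewhere.
"""
import random

QID_SPACE = 1 << 16  # 16-bit DNS transaction ID


class PooledResolver:
    """Hypothetical resolver: random QID, but never one already in flight."""

    def __init__(self, rng=None):
        self.rng = rng or random.Random(0)
        self.in_flight = set()  # QIDs of queries still awaiting a reply

    def send_query(self):
        """Assign a QID, retrying on collision with an outstanding query."""
        if len(self.in_flight) >= QID_SPACE:
            raise RuntimeError("QID pool exhausted")
        while True:
            qid = self.rng.randrange(QID_SPACE)
            if qid not in self.in_flight:  # the collision check the post describes
                self.in_flight.add(qid)
                return qid

    def reply_received(self, qid):
        """A reply (or timeout) frees the ID for reuse."""
        self.in_flight.discard(qid)


def pin_qids(resolver, count):
    """Attacker-triggered lookups to a server that never answers.

    Each one holds a QID for as long as the query is outstanding.  Returns
    the set of IDs the attacker now knows are out of play.
    """
    return {resolver.send_query() for _ in range(count)}


def candidate_qids(pinned):
    """Number of IDs the victim's next query can still be assigned."""
    return QID_SPACE - len(pinned)


def victim_query_avoids_pinned(pin_count, trials=1000, seed=1):
    """Check that every victim query lands outside the pinned IDs.

    Pins `pin_count` IDs, then issues `trials` victim lookups one at a
    time (each one completes before the next), confirming none of them is
    ever assigned an ID the attacker already holds.
    """
    resolver = PooledResolver(random.Random(seed))
    pinned = pin_qids(resolver, pin_count)
    for _ in range(trials):
        qid = resolver.send_query()
        if qid in pinned:
            return False
        resolver.reply_received(qid)  # victim's lookup completes
    return True


if __name__ == "__main__":
    resolver = PooledResolver(random.Random(0))
    pinned = pin_qids(resolver, 60000)
    print("IDs pinned:", len(pinned))
    print("IDs the victim can still draw:", candidate_qids(pinned))
    print("victim never reuses a pinned ID:", victim_query_avoids_pinned(60000))
```

Two caveats a practitioner would want before taking the model further. First, pinning tens of thousands of IDs requires the resolver to keep that many recursive queries outstanding at once, and resolvers normally cap concurrent recursion well below the full 16-bit space, so the reduction an attacker can actually achieve is bounded by that limit rather than by the QID space. Second, the model assumes the transaction ID is the only unpredictable field a forged reply has to match; if the resolver also randomizes the UDP source port, the guessing space is the product of both and the QID-pinning trick alone recovers far less.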