Great Circle Associates Firewalls
(February 1997)
 


Subject: Re: Port 135 [and other NT attacks] (fwd)
From: Jonathan Wilkins <jwilkins @ secnet . com>
Date: Wed, 12 Feb 1997 17:34:34 -0700
To: Christopher Klaus <cklaus @ iss . net>
Cc: firewalls @ GreatCircle . COM

Chris Klaus posted:
>NT DNS Denial Attack
>
>If an attacker spoofs a response that the DNS never requested, DNS will
>terminate.
>There is an advisory on this available at
>http://www.iss.net/lists/general/0118.html
>
>Solution:
>
>Currently, Microsoft is working on a solution.

Here's a little more information on this problem:

there were a few different problems discovered in the DNS that Microsoft
put out.. the first was due to the reception of a response to a query that
was never sent.  [basically any DNS packet with the query/response bit set
to true]

I posted an advisory on this and James Gilroy (the developer of DNS at
Microsoft) managed to get a fix out in about a day (an admirable feat for a
vendor).. Unfortunately the fix wasn't complete.. I managed to find another
bug a day or so later.. but once more James put out a patch and this one
has passed a few tests I threw at it.. It is due to be released along with
service pack 3 which is due out this quarter..

you can also get a copy at ftp://rhino.microsoft.com/

this fix is only available for intel, and as I don't have an NT system
running on alpha I haven't confirmed whether or not the alpha version of
DNS is vulnerable.. 

if anyone wants to volunteer a little bit of time we can test it out...

					Jonathan
-=-=-=-=-=-=-=-
Jonathan Wilkins      |  Futuaris   | If only they had used their
jwilkins @ secnet . com   | Non Irresus | terminals for niceness instead
http://www.secnet.com |  Ridebus    | of evil ...-Maxwell Smart
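
An added example (not part of the original message and not Microsoft's DNS code): a sketch of the check the bug description implies, where a server classifies an incoming packet by its query/response bit and drops any response that matches no query it sent. The `ResponseGate` class and `build_header` helper are hypothetical names, and the sample packets are constructed.

```python
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
QR_BIT = 0x8000                    # set in flags when the message is a response


class ResponseGate:
    """Tracks queries this server sent and rejects responses it never asked for."""

    def __init__(self):
        self.pending = set()       # (transaction id, upstream address) pairs

    def note_query_sent(self, packet, upstream):
        """Record an outgoing query so its answer can be matched later."""
        txid, flags, *_ = HEADER.unpack_from(packet)
        if flags & QR_BIT:
            raise ValueError("refusing to send a response as a query")
        self.pending.add((txid, upstream))

    def classify(self, packet, source):
        """Return 'malformed', 'query', 'response' or 'unsolicited'; never raise."""
        if len(packet) < HEADER.size:
            return "malformed"     # too short to hold a DNS header
        txid, flags, *_ = HEADER.unpack_from(packet)
        if not flags & QR_BIT:
            return "query"
        key = (txid, source)
        if key not in self.pending:
            return "unsolicited"   # drop and log; do not hand to the resolver
        self.pending.discard(key)  # each query is answered at most once
        return "response"


def build_header(txid, response):
    """Constructed sample input: a bare 12-byte DNS header with no sections."""
    return HEADER.pack(txid, QR_BIT if response else 0, 0, 0, 0, 0)
```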
