Chris Klaus posted:
>NT DNS Denial Attack
>If an attacker spoofs a response that the DNS never requested, DNS will
>There is an advisory on this available at
>Currently, Microsoft is working on a solution.
Here's a little more information on this problem:
there were a few different problems discovered in the DNS that Microsoft
put out.. the first was due to the reception of a response to a query that
was never sent. [basically any DNS packet with the query/response bit set
I posted an advisory on this and James Gilroy (the developer of DNS at
Microsoft) managed to get a fix out in about a day (an admirable feat for a
vendor).. Unfortunately the fix wasn't complete.. I managed to find another
bug a day or so later.. but once more James put out a patch and this one
has passed a few tests I threw at it.. It is due to be released along with
service pack 3 which is due out this quarter..
you can also get a copy at ftp://rhino.microsoft.com/
this fix is only available for Intel, and as I don't have an NT system
running on Alpha I haven't confirmed whether or not the Alpha version of
DNS is vulnerable..
if anyone wants to volunteer a little bit of time we can test it out...
Jonathan Wilkins | Futuaris | If only they had used their
com | Non Irresus | terminals for niceness instead
http://www.secnet.com | Ridebus | of evil ...-Maxwell Smart