Re: SNI-12: BIND Vulnerabilities and Solutions (+ more problems)

Gene Spafford (spaf@CS.PURDUE.EDU)
Wed, 23 Apr 1997 23:13:17 -0500

FYI, the cache poisoning and MX record spoofing attacks were both
fully described in Christoph Schuba's MS thesis from COAST, done in
1992. It is available as
ftp://coast.cs.purdue.edu/pub/COAST/papers/schuba-DNS-msthesis.{ps.Z,pdf}
A shorter tech report that mentions the cache corruption plus some
other issues was done in 1994, and is available via
ftp://coast.cs.purdue.edu/pub/COAST/papers/schuba-spaf-DNS.{ps.Z,pdf}

Some of the ideas we developed in Christoph's work went back to Steve
Bellovin's paper from 1990. Thus, we can hardly consider SNI's alert
to be a "new" problem. That may explain why your (Johannes) paper of
last year didn't make much impact -- it wasn't new.

What is unfortunate is that we circulated Christoph's MS thesis to
CERT, CIAC, Sun, DEC, DISA, and a few other FIRST teams in 1992. We
held off publication of the thesis for a year for people to get the
code fixed before the details were available. Sigh. And we're still
seeing it in mid-1997 -- 5 years later, as Christoph finishes off his
PhD. Maybe we'll still be seeing it when Christoph graduates *his*
first grad student. :-(

--spaf