MoinQ:

Contents

  1. 2009
    1. slide 19

1. 2009

2009 年の Blackhat (Washington DC らしい) での講演で、今回の話に相当する内容も指摘されている。

DNS 2008 and the New (old) Nature of Critical Infrastructure

https://www.blackhat.com/presentations/bh-dc-09/Kaminsky/BlackHat-DC-09-Kaminsky-DNS-Critical-Infrastructure.pdf

slide 17

DNS 2008 and the New (old) Nature of Critical Infrastructure

slide 12/71

Nature Of My TTL Bypass (There are many others)

A Question Of Trust 
•BIND9 is a little more paranoid than many name servers 
–Nominum’s pretty paranoid too 
•If there is an answer in cache that came from the ANSWER section,
 the added data in ADDITIONAL cannot override it, 
 even the new data comes from a source that’s in-bailiwick

Not All Answers Are Found In The Same Place 
•Many answers in a DNS cache were originally acquired via ADDITIONAL section 
–MX Records provide a list of mail servers, and additionally their IP addresses 
–CNAME Records provide the “Canonical Name” for a server, and additionally the IP of that server 
•CNAME may be returned for any type 
•Additional IP may show up in Answer section, unclear if treated as an Answer th

1.1. slide 19

Getting Our Universal Attack Working Against BIND


https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Kaminsky/BlackHat-Japan-08-Kaminsky-DNS08-BlackOps.pdf

https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html

MoinQ: DNS/Kaminsky/Blackhat (last edited 2022-02-02 13:04:30 by ToshinoriMaeno)