Re: [ga] Vixies vixens make big boo boo on successful Russian DNS hack

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

Dr. Joe and all,

  Well your very welcome indeed!  >:)  After all what is a meal,
if not with the proper spice to enhance properly the savory taste
eh?  Unless of course that meal is best served cold...  Food for
thought prhaps?  You be the judge.

Joe Baptista wrote:

>
>
> On Sun, Aug 10, 2008 at 3:12 AM, Jeffrey A.
> Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
>
>
>      Dr. Joe and all,
>
>       Thanks for also saving/archiving the original story.
>      History if
>      saved in this manner can never be truthfully revised.  BTW,
>      I
>      and 200 odd other or our members also archived this story
>      including all metadata for forensics purposes as well if
>      needed
>      in the future for legal purposes.  I hope SANS will also be
>      covering it as well as did NetworkWorld.
>
>
> Your a gem Jeff, if not a joy to add flavour to our gatherings.
>
> cheers
> joe baptista
>
>
>
>
>       FWIW, it may be time to keep a closer watch on Circleid,
>      which I have also written for on occasion.  Yellow
>      journalism
>      is not a good thing...
>
>      Joe Baptista wrote:
>
>      >
>      > The news story below was first published on CircleID.  It
>      has since
>      > been yanked and is no where to be found on CircleID.
>      Maybe we are
>      > witnessing a bit of history revision.  This makes me sad
>      because
>      > CircleID was a publication I once wrote for.  In fact I
>      was one of the
>      > first paid writer for the organization.  Probably the only
>      one at the
>      > time.  And it is sad to see revision at an organization I
>      was once
>      > associated with.
>      >
>      > However it is understandable considering Vixie, the sacred
>      cow of DNS,
>      > made such a stupid and silly statement in the article.
>      >
>      > Basically an internet researcher in Russia was able to
>      break the Vixie
>      > patch and poison a servers cache after some 10 hours,
>      billions of
>      > connections over a gigabit connection.  Vixies response
>      was "before
>      > somebody gets all excited about it let's be clear that it
>      takes two
>      > billion packets on average to defeat UDP port
>      randomization, which in
>      > this case was a fully utilized gigabit Internet connection
>      for a
>      > period of ten hours."  and proceeded to draw parallels
>      that the level
>      > of risk was reasonably low because of this
>      rationalization.
>      >
>      > I think sometime Vixie lives in the dark ages of the net,
>      when
>      > everything was low bandwidth and script kiddies were a
>      novelty.
>      > Indeed Polyakov, the Russian researcher, should be
>      congratulated for
>      > his success in this attack considering the poor russian
>      was using such
>      > limited resources.
>      >
>      > Unlike script kiddies or real internet criminals Polyakov
>      did not have
>      > the resources required, being hundreds of thousands of
>      computers
>      > connected through a maze of IRC botnets on hundreds of
>      thousands of
>      > both DSL and gigabit connections to conduct a proper
>      attack.  Poor man
>      > had to do it with one computer and one high speed internet
>      link.  If
>      > he had better resources - like the kiddies - he could
>      probably do it
>      > in much less time - 10 - 20 minutes?
>      >
>      > Under these circumstances I'm not surprised the story was
>      yanked.  The
>      > quote makes Vixie look like an idiot.
>      >
>      > In any case - here is the original story no longer
>      published at
>      > CircleID.
>      >
>      >
>      > Latest news postings on CircleID
>      > URL: http://www.circleid.com/news/
>      > Updated: 10 hours 46 min ago
>      >
>      > Emergency DNS Patch Still Vulnerable, Proves Russian
>      Physicist
>      >
>      > 10 hours 19 min ago
>      > A Russian physicist has been able to successfully poison
>      the latest
>      > BIND patch with fully randomized ports. In other words,
>      the emergency
>      > fix put in place to patch the Domain Name System (DNS)
>      vulnerability
>      > for BIND, Internet's most popular DNS software, has been
>      demonstrated
>      > to be vulnerable?and still exploitable by criminals.
>      >
>      > Evgeniy Polyakov from Moscow, Russia in a blog post today,
>      has shown
>      > how using two fairly powerful computers and a fast
>      broadband
>      > connection, one could successfully attack the patched DNS
>      server in
>      > less than 10 hours. With a fast connection, "any trojaned
>      machine can
>      > poison your DNS during one night" says Polyakov in his
>      blog post.
>      >
>      > As demonstrated by security expert, Dan Kaminsky on
>      Wednesday at the
>      > Black Hat security conference, the vulnerability, if
>      exploited by
>      > criminal, could be detrimental to the Web as well as
>      services such as
>      > email.
>      >
>      > Paul Vixie, president of the Internet Systems Consortium
>      (ISC), the
>      > organization in charge of maintaining the BIND software
>      has verified
>      > that Polyakov's exploit looks real. However "before
>      somebody gets all
>      > excited about it," Vixie says, "let's be clear that it
>      takes two
>      > billion packets on average to defeat UDP port
>      randomization, which in
>      > this case was a fully utilized gigabit Internet connection
>      for a
>      > period of ten hours." In other words, the probability of a
>      successful
>      > attack is fairly minimal. On the other hand, in the case
>      of an
>      > unpatched server, an attack was "narrowed down to six
>      seconds," Vixie
>      > noted.
>      >
>      > In the long term, Vixie says "we'll go on improving our
>      forgery
>      > resilience, as will every recursive DNS implementor, while
>      we continue
>      > pushing DNSSEC as the ultimate long term solution to the
>      entire
>      > forgery problem including this off-path-attacker problem."
>
>      >
>      > More under: DNS, DNSSEC, Security
>      > Categories: Net coverage
>      >
>      > --
>      > Joe Baptista
>      > www.publicroot.org
>      > PublicRoot Consortium
>      >
>      ----------------------------------------------------------------
>
>      > The future of the Internet is Open, Transparent,
>      Inclusive,
>      > Representative & Accountable to the Internet community
>      @large.
>      >
>      ----------------------------------------------------------------
>
>      > Office: +1 (360) 526-6077 (extension 052)
>      > Fax: +1 (509) 479-0084
>      >
>      >
>      Regards,
>
>      Spokesman for INEGroup LLA. - (Over 281k
>      members/stakeholders strong!)
>      "Obedience of the law is the greatest freedom" -
>        Abraham Lincoln
>
>      "Credit should go with the performance of duty and not with
>      what is
>      very often the accident of glory" - Theodore Roosevelt
>
>      "If the probability be called P; the injury, L; and the
>      burden, B;
>      liability depends upon whether B is less than L multiplied
>      by
>      P: i.e., whether B is less than PL."
>      United States v. Carroll Towing  (159 F.2d 169 [2d Cir.
>      1947]
>      =====
>      =========================================================
>      Updated 1/26/04
>      CSO/DIR. Internet Network Eng. SR. Eng. Network data
>      security IDNS.
>      div. of Information Network Eng.  INEG. INC.
>      ABA member in good standing member ID 01257402 E-Mail
>      jwkckid1@xxxxxxxxxxxxx
>      My Phone: 214-244-4827
>
>
>
>
>
> --
> Joe Baptista
> www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive,
> Representative & Accountable to the Internet community @large.
> ----------------------------------------------------------------
> Office: +1 (360) 526-6077 (extension 052)
> Fax: +1 (509) 479-0084
>
> Regards,
>
> Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
>
> "Obedience of the law is the greatest freedom" -
>    Abraham Lincoln
>
> "Credit should go with the performance of duty and not with what is
> very often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;
> liability depends upon whether B is less than L multiplied by
> P: i.e., whether B is less than PL."
> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
> div. of Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail
> jwkckid1@xxxxxxxxxxxxx
> My Phone: 214-244-4827
>