espaeth
reply to rolfp

Re: just copy/pastin' my way through life

said by rolfp:

OK, however, the folks at the thread in ATU I link are reporting 'GOOD' results when they apply the patch or update their dns server software. Wouldn't such a 'GOOD' result be expected from a patched Comcast server?

It would depend on what DNS server it is. These tools are for testing Bind, so they are assuming Bind post-patch behavior. The 3 key problems with Bind specifically are:

1) Transaction IDs were predictable
2) Source ports were predictable
3) There was no limit to the number of response "attempts" that would be processed for a query before a valid response is received.

For this exploit to work, you need to get a spoofed response packet shot into the DNS server before the real server's packet made it in. With bind you could predict what the next source port and transaction ID would be, so once you saw one query you could predict what the next would be.
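
Added example, not part of espaeth's post and not code from any tool mentioned in the thread: a Python sketch of the kind of check a tester could run for the first two problems listed above, rating how predictable a resolver's source ports and transaction IDs look across a series of its queries. The thresholds, function names and sample data are assumptions constructed for illustration.

```python
import statistics

# Thresholds are illustrative assumptions, not values from any named test tool.
PORT_STDDEV_GOOD = 3000.0
TXID_STDDEV_GOOD = 3000.0


def predictable_step(values, modulus=65536):
    """Return the constant step if every successive delta is identical, else None."""
    deltas = {(b - a) % modulus for a, b in zip(values, values[1:])}
    return deltas.pop() if len(deltas) == 1 else None


def rate(values, good_threshold):
    """Rate one field (ports or transaction IDs) seen across a resolver's queries."""
    if len(values) < 5:
        raise ValueError("need at least 5 samples to judge spread")
    step = predictable_step(values)
    spread = statistics.pstdev(values)
    if step is not None:  # a step of 0 (fixed value) is also predictable
        return {"rating": "POOR", "stddev": spread, "reason": f"constant step {step}"}
    if spread < good_threshold:
        return {"rating": "POOR", "stddev": spread, "reason": "narrow spread"}
    return {"rating": "GOOD", "stddev": spread, "reason": "no pattern found"}


def assess(queries):
    """queries: list of (source_port, transaction_id) pairs in arrival order."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    return {"port": rate(ports, PORT_STDDEV_GOOD), "txid": rate(txids, TXID_STDDEV_GOOD)}


# Constructed samples: queries as logged by an authoritative server the tester controls.
UNPATCHED = [(32768, 1000 + i) for i in range(8)]  # fixed port, sequential IDs
PATCHED = [(51234, 40211), (1893, 977), (60412, 31555), (27001, 64012),
           (44990, 12345), (9321, 55210), (38117, 2048), (15730, 47999)]

if __name__ == "__main__":
    for name, sample in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, assess(sample))
```

A 'GOOD' rating here only says the sampled values showed no constant step and a wide spread; it does not cover the third problem, the number of response attempts the server will process.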

over 12.5 years online © 1999-2012 dslreports.com.