[linux-elitists] Applications and the infamous DNS vulnerability
Thu Jul 24 09:40:04 PDT 2008
On a properly set up home or office network, it should
be difficult to poison the nameserver completely
from the outside -- for a long time it's been best
practice to put your public DNS on a separate machine.
Of course an attacker can easily trick an application
on the inside into doing a bunch of DNS queries --
the simplest example is that a user could visit a
malicious web page with a bunch of images.
Should applications that handle untrusted data
be keeping track of the number of times they get
NXDOMAIN for subdomains of one domain -- some kind
of wrapper around getaddrinfo -- then refusing to
query again if there are so many that it looks like
an attack? Maybe with an "I'm not looking up another
randomcrap.example.com domain for you" dialog, or
maybe just stop processing the offending web page or
whatever other data source is causing the queries?
Don Marti +1 415-734-7913 mobile
email@example.com Linux device driver unconference: http://freedomhec.org/
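The wrapper proposed above, as an added example that is not part of the original post: a guard around getaddrinfo that records each NXDOMAIN against the parent domain of the name that was looked up and refuses further lookups under that parent once a threshold is reached. The class and function names, the threshold and window defaults, the sliding time window, and the approximation of "parent domain" as the last two labels are all assumptions of this example; the malicious-page demo uses a constructed offline resolver rather than the network.

```python
"""Added example (not from the original post): an NXDOMAIN-counting wrapper
around getaddrinfo, in the spirit of the post's proposal.

Each NXDOMAIN answer is recorded against the parent domain of the name
that was looked up; once a parent has accumulated `threshold` NXDOMAINs
inside a sliding time window, further lookups under it are refused until
the window passes. The class and function names, the threshold/window
defaults, and the sliding window itself are assumptions, not the post's.
"""
import socket
import time
from collections import defaultdict, deque


class LookupRefused(Exception):
    """Raised when lookups under a parent domain are currently suspended."""


def parent_domain(hostname, depth=2):
    """Group names by their last `depth` labels, e.g. 'img1.example.com' -> 'example.com'.

    Assumption: the last two labels approximate the registrable domain; a real
    deployment would consult the public suffix list (e.g. for example.co.uk).
    """
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-depth:])


def resolve_with_getaddrinfo(hostname):
    """Return a sorted list of addresses, or None when the name does not exist.

    Only EAI_NONAME (the NXDOMAIN case) is mapped to None; other resolver
    errors (timeouts, SERVFAIL) propagate, since they are not NXDOMAINs.
    """
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror as exc:
        if exc.errno == getattr(socket, "EAI_NONAME", -2):
            return None
        raise
    return sorted({info[4][0] for info in infos})


class NxdomainGuard:
    """Wrapper that refuses lookups under a parent domain after too many NXDOMAINs."""

    def __init__(self, threshold=20, window=60.0,
                 resolve=resolve_with_getaddrinfo, clock=time.monotonic):
        self.threshold = threshold          # NXDOMAINs per parent before refusing
        self.window = window                # seconds over which NXDOMAINs are counted
        self._resolve = resolve             # injectable so the demo runs offline
        self._clock = clock
        self._failures = defaultdict(deque)  # parent domain -> NXDOMAIN timestamps

    def recent_failures(self, parent):
        """Drop timestamps older than the window and return how many remain."""
        q = self._failures[parent]
        cutoff = self._clock() - self.window
        while q and q[0] < cutoff:
            q.popleft()
        return len(q)

    def lookup(self, hostname):
        """Resolve hostname unless its parent domain has hit the NXDOMAIN threshold."""
        parent = parent_domain(hostname)
        if self.recent_failures(parent) >= self.threshold:
            raise LookupRefused(
                f"{self.threshold} NXDOMAINs under {parent} in the last "
                f"{self.window:g}s; not looking up {hostname}")
        result = self._resolve(hostname)
        if result is None:
            self._failures[parent].append(self._clock())
        return result


def simulate_malicious_page(threshold=20):
    """Constructed demo: a page whose images live under 30 random-looking subdomains.

    Uses a fake resolver (no network) that knows only www.example.com, so every
    image hostname is an NXDOMAIN. Returns (lookups performed, lookups refused).
    """
    known = {"www.example.com": ["192.0.2.1"]}  # constructed sample data
    clock = [0.0]
    guard = NxdomainGuard(threshold=threshold, resolve=known.get,
                          clock=lambda: clock[0])
    image_hosts = [f"img{i:04x}.example.com" for i in range(30)]
    performed = refused = 0
    for host in image_hosts:
        clock[0] += 0.1                      # images fetched 100 ms apart
        try:
            guard.lookup(host)
            performed += 1
        except LookupRefused:
            refused += 1
    return performed, refused


if __name__ == "__main__":
    performed, refused = simulate_malicious_page()
    print(f"lookups performed: {performed}, refused: {refused}")
```

Two design points worth noting: only EAI_NONAME is counted, because a burst of SERVFAILs or timeouts is a different signal from the burst of NXDOMAINs that random-subdomain lookups produce; and the counter is keyed on the parent domain rather than the full name, so once the limit is hit even a legitimate name under that parent (www.example.com in the demo) is held back until the window expires, which is exactly the "not looking up another randomcrap.example.com for you" behaviour the post describes.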