Comments on: MS Windows DNS Client Service Vulnerability http://cyberinsecure.com/ms-windows-dns-client-service-vulnerability/ Daily cyber threats and internet security news alerts Mon, 01 Dec 2008 18:10:20 +0000 http://wordpress.org/?v=abc By: Scott http://cyberinsecure.com/ms-windows-dns-client-service-vulnerability/#comment-56 Scott Thu, 10 Apr 2008 21:42:56 +0000 http://cyberinsecure.com/ms-windows-dns-client-service-vulnerability/#comment-56 So this may be kind of an overly simplistic point, but what is the real world effect of randomizing transaction IDs? If the attacker was in the data path between the DNS client and the DNS server couldn't the attacker just spoof the transaction ID sent by the client (random or not) in the response and as long as it got to the client first, and resolve any name to the server of the attacker's choice? If the attacker isn't in the path then there would be no way to determine what DNS requests the client was issuing and therefore no point in just sending back random replies with the "guessed" address and an IP of the attacker's choosing unless you were trying to mess up a major site on the Internet which would be the subject of a significant percentage of Internet lookups. I just don't see what an attacker could do with predictable transaction ID information that can't be done with random transaction IDs. Any thoughts? Scott So this may be kind of an overly simplistic point, but what is the real world effect of randomizing transaction IDs? If the attacker was in the data path between the DNS client and the DNS server couldn’t the attacker just spoof the transaction ID sent by the client (random or not) in the response and as long as it got to the client first, and resolve any name to the server of the attacker’s choice? If the attacker isn’t in the path then there would be no way to determine what DNS requests the client was issuing and therefore no point in just sending back random replies with the “guessed” address and an IP of the attacker’s choosing unless you were trying to mess up a major site on the Internet which would be the subject of a significant percentage of Internet lookups. I just don’t see what an attacker could do with predictable transaction ID information that can’t be done with random transaction IDs.

Any thoughts?

Scott

]]>