Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



IDS: Re: DNS Cache Poisoning attack

Re: DNS Cache Poisoning attack

From: Michael Rash <mbr_at_cipherdyne.org>
Date: Thu, 17 Jul 2008 21:44:53 -0400

In addition to detection, how about prevention? There is a an easy way
to thwart the attack (most likely) for those DNS servers that are deployed
on (or behind) either Linux or OpenBSD without patching the DNS server
(which is preferrable of course, but not everyone can):

http://www.cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html
http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html

--Mike

On Jul 17, 2008, Joel Esler wrote:

> There are Shared Object rules available for the DNS Cache Poisoning attack
> that are VRT certified available via subscription at www.snort.org.
>
> J
>
> On Jul 16, 2008, at 10:38 PM, Ravi Chunduru wrote:
>
>> Does anybody have snort or Intrupro-IPS signature(s) to detect DNS
>> Cache Poisoning attack?
>> Also, is there any PoC to simulate the attack and test the
>> effectiveness of signature(s)?
>>
>> thanks
>> Ravi
>>
>> ------------------------------------------------------------------------
>> Test Your IDS
>>
>> Is your IDS deployed correctly?
>> Find out quickly and easily by testing it
>> with real-world attacks from CORE IMPACT.
>> Go to
>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
>> to learn more.
>> ------------------------------------------------------------------------
>>
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing itwith real-world attacks from CORE
> IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfwto
> learn more.
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
Received on Jul 17 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos