[nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
Barry Raveendran Greene
bgreene at senki.org
Tue Jul 8 22:24:33 EDT 2008
For NSP-SEC only.
When I was briefed, I was not surprised. As it was sketched on the
whiteboard I saw:
1. How I could replicate in the lab.
2. Saw several active cyber-crime "economies" which would be able to pull
the technique in and enhance their "business".
3. Mapped out a nice illustrated presentation in my head which would show
how the various types of malware would work, handing off through the
specialists in the miscreant economy - from BOTHERDer to miscreants doing
some nasty things with violated DNS Recursive Resolvers sold to them.
4. Thought of a couple of tweaks to existing malware - allowing this to
work.
5. Remembered a big DNS incident in China last Nov whose characteristics
mapped into this exploit vector. :-0
Yes, people really need to act on this one. It is not a "panic" sort of
issue; knowing how we tend to maintain DNS infrastructure in the industry,
it will become a nice tool in the miscreants' bag of tricks.
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Paul Goyette
> Sent: Tuesday, July 08, 2008 7:01 PM
> To: Sean Donelan
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
>
> ----------- nsp-security Confidential --------
>
> > Other than some software vendors/programmers announcing a fix for an
> > old problem, has anything actually changed in the world today?
> >
> > Just trying to figure out if this is really a "red alert" or business
> > as usual, upgrade your stuff regularly because programmers are human.
>
> Having been briefed from the source, I'd say that this is
> definitely more than your average programmer/bug. It's quite
> serious in my opinion.
>
> Other than that, I'm under enough NDA paperwork not to be
> able to say anything further. :)