Techly NewsGet the app

Get the latest tech news

An illustrated guide to the Kaminsky DNS vulnerability (2008)


This site uses advanced css techniques The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.

Ultimately, DNS is a kind of distributed database, and it can look up much more than just an IP address: there are multiple resource record types involved in a query, and one can't understand the packet structure without knowing their distinctions. When a DNS answer is stored in the local cache, it can't keep it forever: this could lead to terribly stale data that effectively breaks the domains involved. Bad guy monitors this lookup of test.badguy.com by sniffing the IP traffic going to his own machine, or perhaps even with a custom modification to the nameserver software, and from this discovers the source port and Query ID used.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of illustrated guide

illustrated guide

Related news:

News photo

The Illustrated Guide to a PhD

News photo

An Illustrated Guide to Maritime Signal Flags

« "No, we are absolutely not prepared to [fork Firefox]"
Inside the Taliban's surveillance network monitoring millions »