8 matches found
Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...
New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path...
The .io Error – Taking Control of All .io Domains With a Targeted Registration
In a previous post we talked about taking over the .na , .co.ao , and .it.ao domain extensions with varying levels of DNS trickery. In that writeup we examined the threat model of compromising a top level domain TLD and what some avenues would look like for an attacker to accomplish this goal. On...
DNS Poisoning Attacks Made Easy: Judas DNS
DNS Poisoning Attacks Made Easy A DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain. The magic comes with Judas’s rule configurations which allow you to...
The International Incident – Gaining Control of a .int Domain Name With DNS Trickery
The .int or international TLD is perhaps one of the most exclusive extensions available on the Internet. The number of domains on the extension is so small it has it’s own Wikipedia page. Introduced around 27 years ago its primary purpose has been for international treaty organizations. The...
dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory
ISC reports: Processing of DNS resource records where the rdata field is zero length may cause various issues for the servers handling them. Processing of these records may lead to unexpected outcomes. Recursive servers may crash or disclose some portion of memory to the client. Secondary servers...
DNS BailiWicked Domain Attack
This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed Jul 2008. This exploit replaces the target domains nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled...
MS Windows DNS Resolution Remote Denial of Service PoC (MS06-041)
No description provided by source. !/usr/bin/python POC for MS06-041 Run the python script passing the local ip address as parameter. The DNS server will start listening on this ip address for DNS hostname resolution queries. This script is for testing and educational purpose and so to test this...