DNS is tricky


A possible explanation of the DNS vulnerability got posted on Matasano Chargen, an excellent infosec blog. This is neat because Matasano's principal, Tom, has already gotten the entire story from Dan; he knows all the details we don't. It was written well enough, and Tom's credibility is high enough, to assume it was a draft he had ready to fire off as soon as the exploit was public on the sixth.

It was pulled very quickly. I have a copy in my Google Reader cache.

I thought it was a bad guess, but the retraction, and the dailydave thread it cited getting closed (not uncommon there), have me curious. Why publish a thought experiment without captures proving it? Also, I think the post was from an intern's account on the blog. Oops.

Then Dan Kaminsky twittered:

“DNS bug is public. You need to patch, or switch to opendns, RIGHT NOW. Could”

And blogged…

Patch. Today. Now. Yes, stay late. Yes, forward to OpenDNS if you have to. (They’re ready for your traffic.) Thank you to the many of you who already have.

Which has me (and many others) convinced that this is legit and we might start hearing about attempts. Did Dan’s hype backfire?

Richard is right: the NAT question is also interesting (and is why I have been asking for architecture diagrams lately).

This will be trivial to detect on the wire with traditional IDS/IPS.

I’d like proof of the ‘in-bailiwick’ premise of the last paragraph. Dan probably has something better than this but who knows?
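Since the two points above (detection on the wire, and the in-bailiwick premise) are the ones a defender would actually want to check, here is an added example. It is not code from this post or from Matasano. It assumes the attack shape the pulled Matasano post described and the eventual disclosure confirmed: the attacker gets a resolver to ask about many random names under one zone, floods it with spoofed answers carrying guessed 16-bit transaction IDs, and rides an in-bailiwick additional record (ns.example.com pointing at the attacker) into the cache once a guess lands. The Event class, analyze() function, two-label zone heuristic, thresholds and the traffic sample are all constructed for this example, not taken from a capture.

```python
"""Wire-side detection sketch for the 2008 DNS cache-poisoning pattern.

Added example, not code from the original post or from Matasano. It ASSUMES
the attack shape described above: random child-name queries under one zone,
a flood of spoofed answers with guessed TXIDs, and an in-bailiwick glue
record that overwrites the zone's NS entry once a guess lands. The log
shape and traffic sample below are constructed, not captured.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    kind: str               # "Q": query the resolver sent; "R": answer it received
    txid: int               # DNS transaction ID (16 bits)
    qname: str              # name in the question section
    peer: str               # IP the query went to, or the IP an answer claims to come from
    additional: tuple = ()  # (owner name, rdata) pairs from the additional section


def normalize(name):
    return name.rstrip(".").lower()


def in_bailiwick(owner, zone):
    """The bailiwick rule: only cache records at or below the zone being asked about."""
    owner, zone = normalize(owner), normalize(zone)
    return owner == zone or owner.endswith("." + zone)


def zone_of(qname, labels=2):
    """Constructed heuristic: treat the last two labels as the zone (no PSL lookup)."""
    parts = normalize(qname).split(".")
    return ".".join(parts[-labels:])


def analyze(events, burst_threshold=20, mismatch_threshold=10):
    """Return what a passive sensor could flag from the query/answer stream.

    bursts:           zones the resolver asked many distinct child names about
    mismatch_sources: claimed answer sources with many TXIDs matching no open query
    cached / dropped: additional records a bailiwick-checking resolver keeps / discards
    """
    outstanding = defaultdict(set)  # qname -> TXIDs of queries still awaiting an answer
    distinct = defaultdict(set)     # zone  -> distinct names queried under it
    mismatches = defaultdict(int)   # claimed source -> answers whose TXID matched nothing
    cached, dropped = [], []
    for e in events:
        name = normalize(e.qname)
        zone = zone_of(name)
        if e.kind == "Q":
            outstanding[name].add(e.txid)
            distinct[zone].add(name)
            continue
        if e.txid not in outstanding[name]:
            mismatches[e.peer] += 1  # guessed TXID: the resolver drops it, the wire still shows it
            continue
        outstanding[name].discard(e.txid)  # accepted answer (genuine, or a guess that landed)
        for owner, rdata in e.additional:
            (cached if in_bailiwick(owner, zone) else dropped).append((owner, rdata))
    return {
        "bursts": {z for z, names in distinct.items() if len(names) >= burst_threshold},
        "mismatch_sources": {p for p, n in mismatches.items() if n >= mismatch_threshold},
        "cached": cached,
        "dropped": dropped,
    }


def build_sample():
    """Constructed traffic, not a capture: 25 random-name rounds, then one landed guess."""
    authoritative, attacker = "192.0.2.53", "198.51.100.7"
    events = []
    for i in range(25):
        name = f"x{i:04d}.example.com"
        txid = 1000 + i * 7
        events.append(Event("Q", txid, name, authoritative))
        for guess in range(3):  # spoofed answers claim the authoritative server's IP
            events.append(Event("R", 50000 + guess, name, authoritative,
                                (("ns.example.com", attacker),)))
        events.append(Event("R", txid, name, authoritative))  # the real answer
    events.append(Event("Q", 7777, "x9999.example.com", authoritative))
    events.append(Event("R", 7777, "x9999.example.com", authoritative,  # guess == TXID
                        (("ns.example.com", attacker), ("ns.evil.test", attacker))))
    return events


if __name__ == "__main__":
    for key, value in analyze(build_sample()).items():
        print(f"{key}: {value}")
```

Two things worth noticing when you run it. The "mismatch source" a sensor reports is the impersonated authoritative server, because the spoofed answers carry its address, so the signature is "answers claiming to be from 192.0.2.53 with TXIDs we never sent", not the attacker's own IP. And the bailiwick check does its job on ns.evil.test but cannot help with ns.example.com, which is exactly the premise the paragraph above asks for proof of: the glue is in-bailiwick for a question about x9999.example.com, so a resolver that trusts additional data will cache it. Source-port randomization (the patch) widens the guess space from 16 bits, which is why the mismatch flood, not the one landed guess, is what you can expect to see on the wire.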

This has already won a pwnie, excellent.