Release!


It is done (well, for various definitions of the word “done”). Here, at the
Black Hat Briefings, I’ve finally assembled and packaged my collection of DNS
manipulation tools…and, as I’ve been known to do, rewrote much of my slides
(major changes — deep discussion of DNS Source Routing). Here are the summary
conclusions from the end of the talk:

1. DNS is globally deployed — you use it as a client, you probably depend on it as a server.
2. As the rest of IP networking has become progressively more and more filtered, DNS’s level of interconnectivity has (for important functionality reasons) remained constant, and in some ways outstrips the services offered by a completely unfirewalled host.
3. This connectivity can be used to offer a range of services, from encrypted VPN-style linkage, to a completely silent but remotely addressable trojan horse, to an unexpectedly useful distributed caching audio system.
4. DNS should not be disabled, re-engineered, blocked, or heavily interfered with at this time — but perhaps we can start paying closer attention to its traffic.
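
Point 4's suggestion to pay closer attention to DNS traffic, as an added example (not code from the post or from the released tools): a per-client, per-zone profile of query names that flags many distinct, long, high-entropy subdomains. The thresholds, the naive two-label zone split and the sample log are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict


def build_sample():
    """Constructed query log of (client, qname, qtype) tuples; not real traffic."""
    log = [("10.0.0.5", "www.example.com", "A"), ("10.0.0.5", "mail.example.com", "MX")]
    # Busy but benign: many distinct short names under one zone (CDN-style).
    log += [("10.0.0.5", f"img{i}.cdn-example.org", "A") for i in range(20)]
    # Tunnel-like: every query carries a long, unique, random-looking label.
    for i in range(20):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:48]
        log.append(("10.0.0.9", f"{label}.t.example.net", "TXT"))
    return log


def entropy(text):
    """Shannon entropy of the characters in text, in bits per character."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def profile(log, zone_labels=2):
    """Per (client, zone): the set of distinct subdomain strings queried."""
    seen = defaultdict(set)
    for client, qname, _qtype in log:
        labels = qname.rstrip(".").lower().split(".")
        sub = ".".join(labels[:-zone_labels])
        if sub:
            seen[(client, ".".join(labels[-zone_labels:]))].add(sub)
    return seen


def suspicious(log, min_unique=10, min_avg_len=30, min_entropy=3.5):
    """Return (client, zone) pairs whose subdomains look like a data channel."""
    hits = []
    for key, subs in profile(log).items():
        avg_len = sum(map(len, subs)) / len(subs)
        bits = entropy("".join(subs).replace(".", ""))
        if len(subs) >= min_unique and avg_len >= min_avg_len and bits >= min_entropy:
            hits.append((key, len(subs), round(avg_len, 1), round(bits, 2)))
    return hits


if __name__ == "__main__":
    for hit in suspicious(build_sample()):
        print(hit)
```

Requiring all three signals together keeps the busy CDN-style zone out of the results; on real traffic the zone split should use a public-suffix list rather than the last two labels.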

Without delay:

  1. Dick
    May 29, 2009 at 6:48 am

    Thank you very much for ozymandns.

    I’ve fixed two issues:
    1. Don’t crash on syswrite
    2. Really use $opts{ip}

    — nomde.pl 2009-05-15 13:22:33.000000000 +0200
    +++ /usr/local/bin/nomde.pl 2009-05-15 13:25:38.000000000 +0200
    @@ -230,7 +230,7 @@
    while($size != length($data)) {
    my $outdata;
    $outdata = substr($data, $size);
    – $size += syswrite($sock, $outdata, length($data)-$size);
    + eval {$size += syswrite($sock, $outdata, length($data)-$size);};
    if($size != length($data)){usleep (100 * 1000);}
    $data=”1″; #for now, we don’t store incoming data
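
Review bot: the eval around syswrite on the changed line discards the failure without looking at `$@` or at syswrite's return value, and nothing in the visible lines bounds the retries of the `while($size != length($data))` loop when the socket is dead. syswrite normally reports an error by returning undef rather than dying, so the eval alone does not cover that case; suggest capturing the result, for example `my $n = eval { syswrite($sock, $outdata, length($data)-$size) };`, then logging `$@` or `$!` and leaving the loop with `last` when `$n` is undefined, and adding to `$size` only otherwise.
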
    @@ -351,6 +351,7 @@

    my $ns = Net::DNS::Nameserver->new(
    LocalPort => 53,
    + LocalAddr => ($opts{ip}),
    ReplyHandler => \&reply_handler,
    Verbose => 2,
    ) || die “couldn’t create nameserver object\n”;
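
Review bot: `LocalAddr => ($opts{ip})` passes the option through unconditionally, and nothing in this hunk shows a default or a check for `$opts{ip}`, so an unset or mistyped value reaches Net::DNS::Nameserver as-is. Suggest validating it as an IP address and falling back explicitly when it is undefined, and dropping the redundant parentheses; the usage text should also say that the listener now binds only to that address on port 53 instead of every interface.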
