Comments on: Exploit in the wild for the Kaminsky DNS vulnerability http://www.spylogic.net/2008/07/exploit-in-the-wild-for-the-kaminsky-dns-vulnerability/ Sun, 18 Sep 2011 21:48:21 +0000 hourly 1 By: CG http://www.spylogic.net/2008/07/exploit-in-the-wild-for-the-kaminsky-dns-vulnerability/comment-page-1/#comment-75 CG Thu, 24 Jul 2008 00:22:17 +0000 #comment-75 Don't get me wrong I'm not saying its not dangerous, its just frustrating that people immediately lump a metasploit module --especially in this case because its only an aux module with script kiddie mass pwnage.<br /> <br /> with the number of "why cant i exploit my XP SP2+ box with DCOM" questions I see and take, I dont think we have to be too worried about the lowest common denominator on this one. Don’t get me wrong I’m not saying its not dangerous, its just frustrating that people immediately lump a metasploit module –especially in this case because its only an aux module with script kiddie mass pwnage.

with the number of "why cant i exploit my XP SP2+ box with DCOM" questions I see and take, I dont think we have to be too worried about the lowest common denominator on this one.

]]> By: Tom http://www.spylogic.net/2008/07/exploit-in-the-wild-for-the-kaminsky-dns-vulnerability/comment-page-1/#comment-74 Tom Wed, 23 Jul 2008 23:35:20 +0000 #comment-74 Point taken. I saw on Wired: Threat Level that HD said the following about his module:<br /> <br /> "Moore says the code currently has a limitation:<br /> <br /> This exploit can't be used to overwrite an existing cache entry, so attackers will have a hard time spoofing common host names on busy DNS servers. The module added to Metasploit will display the expiration date for any pre-cached entries and automatically wait for that amount of time for completing the attack."<br /> <br /> Correct. This might be a bit more technical then what a basic script kiddie could be capable of. Seems that you would just have to wait for the cached entries to expire...?<br /> <br /> Has anyone tested this in a lab yet? Point taken. I saw on Wired: Threat Level that HD said the following about his module:

"Moore says the code currently has a limitation:

This exploit can’t be used to overwrite an existing cache entry, so attackers will have a hard time spoofing common host names on busy DNS servers. The module added to Metasploit will display the expiration date for any pre-cached entries and automatically wait for that amount of time for completing the attack."

Correct. This might be a bit more technical then what a basic script kiddie could be capable of. Seems that you would just have to wait for the cached entries to expire…?

Has anyone tested this in a lab yet?

]]> By: CG http://www.spylogic.net/2008/07/exploit-in-the-wild-for-the-kaminsky-dns-vulnerability/comment-page-1/#comment-73 CG Wed, 23 Jul 2008 22:56:17 +0000 #comment-73 really? the average script kiddie knucklehead is about to download that module and actually get anywhere with it?<br /> <br /> doubtful. really? the average script kiddie knucklehead is about to download that module and actually get anywhere with it?

doubtful.

]]>