Subject: Re: automatic login
To: NetBSD User's Discussion List <netbsd-users@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 07/04/2002 14:36:03

[ On Thursday, July 4, 2002 at 18:42:21 (+0100), David Laight wrote: ]
> Subject: Re: automatic login
>
> > DNS spoofing requires either: a) the resolver for server to be
> > mis-configured or to be buggy; and/or b) the DNS zones for the clients
> > to be hosted on an insecure server.
>
> Or you to send the client a response BEFORE the real one arrives.

"a _valid_ response" is required by my resolvers, I believe.... (not
entirely tricky, but harder than it would appear on first glance, and
requires some sniffing of the requests or brute-force DNS sequence
number guessing)

You'll have a hard time doing that too since the authoritative server is
actually on the local host and you hopefully can't spoof IP packets to it.... :-)

(and if it were some other machine on the internal network I'd hopefully
have a host-based firewall on the server to prevent spoofed DNS replies
from any outside network -- though I'm not quite that careful in those
particular scenarios, yet.... ;-)

--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
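
Added example, not part of the original message: a sketch of the acceptance check a resolver applies before it treats a reply as "valid", covering the source address, the 16-bit transaction ID (the "DNS sequence number" above) and the echoed question. The function names, the loopback server address and the example.org names are assumptions constructed for illustration.

```python
import struct

def encode_name(name):  # DNS wire format: length-prefixed labels, zero terminator
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_message(txid, name, qtype=1, response=False):  # constructed sample packets only
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # one question, no answer records
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    # Returns (txid, is_response, lowercased qname, qtype, qclass); ValueError if malformed
    if len(packet) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        n = packet[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(packet):
            raise ValueError("bad label")
        labels.append(packet[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

def accept_response(pending, packet, src):
    # pending describes the outstanding query: 'server' (ip, port), 'txid', 'qname', 'qtype'
    if src != pending["server"]:
        return False, "wrong source address/port"
    try:
        txid, is_resp, qname, qtype, qclass = parse_question(packet)
    except ValueError as e:
        return False, f"malformed: {e}"
    if not is_resp:
        return False, "not a response"
    if txid != pending["txid"]:
        return False, "transaction ID mismatch"
    if (qname, qtype, qclass) != (pending["qname"].lower().rstrip("."), pending["qtype"], 1):
        return False, "question mismatch"
    return True, "ok"
```

A reply that arrives first is still dropped unless every one of these fields matches the query the resolver actually has outstanding.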