author Camil Staps 2015-10-13 20:59:20 +0200
committer Camil Staps 2015-10-13 20:59:20 +0200
commit 5667cc3df79242093f6fe56521785b7b28b45005
tree 4c7340b4a16f2b2960e6d6480cdfd82e29d072c4 /netsec-assignment5-S4498062/exercise3
parent Finish assignment 4
Assignment 5 (HEAD, master)
Diffstat (limited to 'netsec-assignment5-S4498062/exercise3')
-rw-r--r-- netsec-assignment5-S4498062/exercise3/exercise3a 26
-rw-r--r-- netsec-assignment5-S4498062/exercise3/exercise3b 6
-rw-r--r-- netsec-assignment5-S4498062/exercise3/exercise3c 3
-rw-r--r-- netsec-assignment5-S4498062/exercise3/exercise3d 3
-rw-r--r-- netsec-assignment5-S4498062/exercise3/exercise3e 3
5 files changed, 41 insertions, 0 deletions
diff --git a/netsec-assignment5-S4498062/exercise3/exercise3a b/netsec-assignment5-S4498062/exercise3/exercise3a
new file mode 100644
index 0000000..fd9364a
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise3/exercise3a
@@ -0,0 +1,26 @@
+We query a non-existing domain which likely isn't in the cache already (that is,
+a random string as subdomain). For example, we might query for:
+
+$ dig eWVwLCB0aGlzIGlzIGJhc2U2NC4u.blackboard.ru.nl
+
+Then we race the actual DNS server to provide this response:
+
+ ;; ANSWER SECTION:
+ eWVwLCB0aGlzIGlzIGJhc2U2NC4u.blackboard.ru.nl. 120 IN A 10.10.10.10
+
+ ;; AUTHORITY SECTION:
+ blackboard.ru.nl. 86400 IN NS ourns.blackboard.ru.nl.
+
+ ;; ADDITIONAL SECTION:
+ ourns.blackboard.ru.nl. 604800 IN A 10.10.10.20
+
+Here, 10.10.10.20 would be our address. The cache will now ask stuff about
+blackboard.ru.nl to our nameserver which he thinks is at ourns.blackboard.ru.nl.
+
+Thus by simply requesting
+
+$ dig blackboard.ru.nl
+
+and sending back an incorrect A record for blackboard.ru.nl from 10.10.10.20, we
+have spoofed the cache.
+
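Review bot: the answer never says why the cache accepts the AUTHORITY and ADDITIONAL records of the forged response, which is the step everything after "The cache will now ask stuff" depends on. Both the NS name and its glue address (ourns.blackboard.ru.nl) lie inside the blackboard.ru.nl zone that the query was for, so they pass the resolver's bailiwick check; please add a sentence saying so, and state that the forged packet is only accepted if it matches the QID (and source port) of the outstanding query, which "race the actual DNS server" leaves implicit. Minor: the resolver is "it" rather than "he", and the final step needs no racing, because the cache now sends its queries to 10.10.10.20 directly.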
diff --git a/netsec-assignment5-S4498062/exercise3/exercise3b b/netsec-assignment5-S4498062/exercise3/exercise3b
new file mode 100644
index 0000000..34d75bf
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise3/exercise3b
@@ -0,0 +1,6 @@
+The QID is a 16-bit random string, so we have a chance of 1 over 2^16 to guess
+it correctly.
+
+If we also use port randomisation, we have to guess 16+16=32 bits, giving us a
+1 over 2^32 chance.
+
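Review bot: "16+16=32 bits" in the second paragraph is an upper bound rather than the real figure, because a resolver does not draw its source port from the full 0-65535 range (privileged and otherwise reserved ports are excluded), so the port contributes somewhat less than 16 bits. Suggest writing "up to 32 bits", and stating that both probabilities are per forged response, since the first paragraph reads as if there were only a single attempt.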
diff --git a/netsec-assignment5-S4498062/exercise3/exercise3c b/netsec-assignment5-S4498062/exercise3/exercise3c
new file mode 100644
index 0000000..35ca2b0
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise3/exercise3c
@@ -0,0 +1,3 @@
+We have to guess 14 extra bits, that is, 46 bits, giving us a 1 over 2^46
+probability to guess correctly.
+
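Review bot: the answer does not say where the 14 extra bits come from, so it cannot be checked without the assignment text next to it. Name the mechanism that supplies them in the first sentence, and mention that 46 is the 32 bits from exercise3b plus 14, so the figure inherits the assumptions made there.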
diff --git a/netsec-assignment5-S4498062/exercise3/exercise3d b/netsec-assignment5-S4498062/exercise3/exercise3d
new file mode 100644
index 0000000..d4e9ff0
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise3/exercise3d
@@ -0,0 +1,3 @@
+Using a birthday attack, sending many the same queries increases our odds of
+getting one right.
+
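Review bot: "sending many the same queries" states that the odds improve but not why, and reads awkwardly. Suggest "sending many identical queries" plus one sentence on the mechanism: each outstanding query carries its own QID, so a forged response succeeds if it matches any of them rather than one specific value. The answer should also name the condition this relies on, namely that the resolver sends a separate upstream query for each duplicate instead of merging identical outstanding queries into one.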
diff --git a/netsec-assignment5-S4498062/exercise3/exercise3e b/netsec-assignment5-S4498062/exercise3/exercise3e
new file mode 100644
index 0000000..99abf57
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise3/exercise3e
@@ -0,0 +1,3 @@
+If you're in the middle anyway you can change everything. You don't have to
+guess anything, because you only modify the relevant section(s).
+
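Review bot: the answer stops short of the conclusion the earlier parts set up: on-path, the QID and source port are readable in the query itself, so none of the entropy counted in exercise3b and exercise3c offers any protection. Suggest saying that explicitly after "You don't have to guess anything", and adding that only authenticating the response data itself (DNSSEC validation) addresses this case.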