Diffstat (limited to 'netsec-assignment5-S4498062/exercise3/exercise3a')
-rw-r--r-- netsec-assignment5-S4498062/exercise3/exercise3a | 26
1 files changed, 26 insertions, 0 deletions
diff --git a/netsec-assignment5-S4498062/exercise3/exercise3a b/netsec-assignment5-S4498062/exercise3/exercise3a
new file mode 100644
index 0000000..fd9364a
--- /dev/null
+++ b/netsec-assignment5-S4498062/exercise3/exercise3a
@@ -0,0 +1,26 @@
+We query a non-existing domain which likely isn't in the cache already (that is,
+a random string as subdomain). For example, we might query for:
+
+$ dig eWVwLCB0aGlzIGlzIGJhc2U2NC4u.blackboard.ru.nl
+
+Then we race the actual DNS server to provide this response:
+
+ ;; ANSWER SECTION:
+ eWVwLCB0aGlzIGlzIGJhc2U2NC4u.blackboard.ru.nl. 120 IN A 10.10.10.10
+
+ ;; AUTHORITY SECTION:
+ blackboard.ru.nl. 86400 IN NS ourns.blackboard.ru.nl.
+
+ ;; ADDITIONAL SECTION:
+ ourns.blackboard.ru.nl. 604800 IN A 10.10.10.20
+
+Here, 10.10.10.20 would be our address. The cache will now ask stuff about
+blackboard.ru.nl to our nameserver which he thinks is at ourns.blackboard.ru.nl.
+
+Thus by simply requesting
+
+$ dig blackboard.ru.nl
+
+and sending back an incorrect A record for blackboard.ru.nl from 10.10.10.20, we
+have spoofed the cache.
+
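Review bot: the sentence "Here, 10.10.10.20 would be our address" explains only the glue record in the ADDITIONAL section. The text never says what 10.10.10.10 in the ANSWER section stands for, nor why the cache would accept the AUTHORITY and ADDITIONAL records at all (both names lie inside blackboard.ru.nl, the zone of the queried name), and the rest of the answer depends on that step. Suggest one sentence for each. "Then we race the actual DNS server" also leaves out what the cache checks before it accepts a response, so the write-up does not say under which conditions the described outcome holds or which resolver-side defence would stop it. On wording: "which he thinks is at" should read "which it believes is at", and "ask stuff about" would be clearer as "send its queries for".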