From 5667cc3df79242093f6fe56521785b7b28b45005 Mon Sep 17 00:00:00 2001 From: Camil Staps Date: Tue, 13 Oct 2015 20:59:20 +0200 Subject: Assignment 5 --- netsec-assignment5-S4498062/exercise3/exercise3a | 26 ++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 netsec-assignment5-S4498062/exercise3/exercise3a (limited to 'netsec-assignment5-S4498062/exercise3/exercise3a') diff --git a/netsec-assignment5-S4498062/exercise3/exercise3a b/netsec-assignment5-S4498062/exercise3/exercise3a new file mode 100644 index 0000000..fd9364a --- /dev/null +++ b/netsec-assignment5-S4498062/exercise3/exercise3a @@ -0,0 +1,26 @@ +We query a non-existing domain which likely isn't in the cache already (that is, +a random string as subdomain). For example, we might query for: + +$ dig eWVwLCB0aGlzIGlzIGJhc2U2NC4u.blackboard.ru.nl + +Then we race the actual DNS server to provide this response: + + ;; ANSWER SECTION: + eWVwLCB0aGlzIGlzIGJhc2U2NC4u.blackboard.ru.nl. 120 IN A 10.10.10.10 + + ;; AUTHORITY SECTION: + blackboard.ru.nl. 86400 IN NS ourns.blackboard.ru.nl. + + ;; ADDITIONAL SECTION: + ourns.blackboard.ru.nl. 604800 IN A 10.10.10.20 + +Here, 10.10.10.20 would be our address. The cache will now ask stuff about +blackboard.ru.nl to our nameserver which he thinks is at ourns.blackboard.ru.nl. + +Thus by simply requesting + +$ dig blackboard.ru.nl + +and sending back an incorrect A record for blackboard.ru.nl from 10.10.10.20, we +have spoofed the cache. + -- cgit v1.2.3
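Review bot: The paragraph after the forged response ("The cache will now ask stuff about blackboard.ru.nl to our nameserver which he thinks is at ourns.blackboard.ru.nl.") never says why the cache would accept the AUTHORITY and ADDITIONAL records. "Then we race the actual DNS server" is the only condition given. A resolver accepts a response only if it matches the outstanding query (transaction ID, source port, apparent source address) and the extra records are in-bailiwick for the queried zone. The answer should state this, because it is the reason a random subdomain of blackboard.ru.nl is used and it is what defenses such as source-port randomization and DNSSEC validation target. The closing sentence places the spoofing at the later "dig blackboard.ru.nl" step, but by this write-up's own account the cache is poisoned once it stores the NS and glue records. The later query only shows the effect, so "we have spoofed the cache" would sit more accurately after the first response. Wording: replace "ask stuff" with "send queries for names under", and "he thinks" with "it believes".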