2008-08-04 10-32 Kaminsky DNS View & Black Hat Campaign Special

image.png

Greetings Black Hat / DEFCON visitors. I'm sorry to say we couldn't make it this year. But don't worry, we have not forgotten you! Actually, we have cooked up something special to offer for all you people with black hats, and you don't even have to be in Las Vegas to participate!

Jukke came up with a brilliant new view for Clarified Analyzer called the DNS Randomness View 1. It helps address the DNS vulnerabilities found and illustrated by Dan Kaminsky (be sure to catch his presentation at Black Hat). This issue has gathered a lot of press and it is actually now widely referred as the Kaminsky DNS flaw / bug / vulnerability / cock-up. So, we decided to name the view after Mr. Kaminsky (with his kind permission).

The Kaminsky DNS View monitors network traffic (either from a pcap file, or traffic captured by probes) and deducts the port and id deviations from the DNS flows. With this information it evaluates the IP addresses like this:

-- jani 2008-08-04 11:26:57


return to the blog ...

  1. Experimental (1)