It doesn’t matter whether that image really exists, or even if there’s a web server to host images at all.Īll that matters is that some device on the target network should decide to ask an unpatched AirPort router, “Where do I find ?” Sadly, it’s easier than you might think to feed booby-trapped DNS replies to a router you want to attack.Īll you need to do is register a domain name, such as set up a booby-trapped DNS server to answer queries about the domain and send your victims some sort of content that includes a reference to the booby-trapped domain.įor example, you might create a web page that references an image that claims to be stored on a server at the offending domain. The latter is obviously a much more serious flaw, and we think it’s probably the sort of bug that Apple is talking about here.Īfter all, you almost never want your home router to answer DNS queries from the outside, so you almost never configure your router to do so.īut you almost always want your router to perform requests to the outside as part of the service it provides to your internal network, so most routers are set up to work this way. The second is by feeding malformed replies to an AirPort that makes outbound DNS requests on behalf of the devices on its internal network. ![]() The first way is by feeding malformed DNS requests to an AirPort that is set up to reply to queries from the internet. ![]() ![]() We can think of two ways that a DNS data-handling bug of this type might be exploited to take control of a vulnerable AirPort router.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |