Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 12:49:04 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1353506343&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiledesc%2Fbailiwicked_domain.rb.txt.html%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1353506343.1338209344.1338209344.1338209344.1%3B%2B__utmz%3D32867617.1338209344.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/68473/bailiwicked_domain.rb.txt http://packetstormsecurity.org/files/68473/bailiwicked_domain.rb.txt http://packetstormsecurity.org/files/68473/bailiwicked_domain.rb.txt.html Thu, 24 Jul 2008 16:14:00 GMT This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain.