[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Multiple DNS implementations vulnerable to cache poisoning

Subject: Multiple DNS implementations vulnerable to cache poisoning
From: morrowc.lists at gmail.com (Christopher Morrow)
Date: Wed, 9 Jul 2008 12:05:38 -0400
In-reply-to: <[email protected]>
References: <D0D0330CBD07114D85B70B784E80C2F2022FC9E8@exch-mail2.win.slac.stanford.edu> <[email protected]>

On Wed, Jul 9, 2008 at 11:41 AM, Steven M. Bellovin <smb at cs.columbia.edu> wrote:

> The ISC web page on the attack notes "DNSSEC is the only definitive
> solution for this issue. Understanding that immediate DNSSEC deployment
> is not a realistic expectation..."  I wonder what NANOG folk can do
> about the second part of that quote...

get the root zone signed, get com/net/org/ccTLD's signed.. oh wait,
that's not nanog... doh!

Pressure your local ICANN officers?

-Chris

Follow-Ups:
- Multiple DNS implementations vulnerable to cache poisoning
  - From: smb at cs.columbia.edu (Steven M. Bellovin)
- Multiple DNS implementations vulnerable to cache poisoning
  - From: jabley at ca.afilias.info (Joe Abley)
- Multiple DNS implementations vulnerable to cache poisoning
  - From: drc at virtualized.org (David Conrad)
- Multiple DNS implementations vulnerable to cache poisoning
  - From: jra at baylink.com (Jay R. Ashworth)

References:
- Multiple DNS implementations vulnerable to cache poisoning
  - From: gtb at slac.stanford.edu (Buhrmaster, Gary)
- Multiple DNS implementations vulnerable to cache poisoning
  - From: smb at cs.columbia.edu (Steven M. Bellovin)

Prev by Date: Building a BGP test network
Next by Date: Multiple DNS implementations vulnerable to cache poisoning
Previous by thread: Multiple DNS implementations vulnerable to cache poisoning
Next by thread: Multiple DNS implementations vulnerable to cache poisoning
Index(es):
- Date
- Thread