[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

Subject: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
From: xenophage0 at gmail.com (Jason Frisvold)
Date: Thu, 24 Jul 2008 16:58:29 -0400
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On Thu, Jul 24, 2008 at 1:14 PM, Paul Vixie <vixie at isc.org> wrote:
> in spite of that caution i am telling you all, patch, and patch now.  if you
> have firewall or NAT configs that prevent it, then redo your topology -- NOW.
> and make sure your NAT isn't derandomizing your port numbers on the way out.
>
> and if you have time after that, write a letter to your congressman about the
> importance of DNSSEC, which sucks green weenies, and is a decade late, and
> which has no business model, but which the internet absolutely dearly needs.

So is this patch a "true" fix or just a temporary fix until further
work can be done on the problem?  I listened to Dan's initial
presentation and I've read a lot of speculation since then.  I've also
taken a look at the various blog entries that detail the problem.  I
believe I understand what the issue is and I can see how additional
randomization helps.  But it that truly an end-all fix, or is this
just the initial cry to stop short-term hijacking?

-- 
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com
http://blog.godshell.com

Follow-Ups:
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: jra at baylink.com (Jay R. Ashworth)
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: vixie at isc.org (Paul Vixie)
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: jmamodio at gmail.com (Jorge Amodio)

References:
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: jgreco at ns.sol.net (Joe Greco)
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: vixie at isc.org (Paul Vixie)
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: sean at donelan.com (Sean Donelan)
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: nenolod at systeminplace.net (William Pitcock)
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: vixie at isc.org (Paul Vixie)
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: sean at donelan.com (Sean Donelan)
- Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
  - From: vixie at isc.org (Paul Vixie)

Prev by Date: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
Next by Date: Exploit for DNS Cache Poisoning - RELEASED
Previous by thread: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
Next by thread: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
Index(es):
- Date
- Thread