
Great Suggestion for the DNS problem...?



> What would the ip-blocking BGP feed accomplish? Spoofed source 
> addresses are a staple of the DNS cache poisoning attack.
> Worst case scenario, you've opened yourself up to a new avenue of 
> attack where your nameservers are receiving spoofed packets intended 
> to trigger a blackhole filter, blocking communication between your 
> network and the legitimate owner of the forged ip address.
>

Yes, but what about blocking the addresses of recursive resolvers that 
are not yet patched?

That would certainly stop them from being poisoned, and incent their 
owners to patch...

1/2 :-)

Brian

> Michael Smith wrote:
>
>     Still off topic, but perhaps a BGP feed from Cymru or similar to
>     block IP addresses on the list?
>
>     Regards,
>
>     Mike