
A Deep Dive on the Recent Widespread DNS Hijacking
> On Feb 24, 2019, at 10:03 PM, Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
> Did you have a CAA record defined and if not, why not?

It's something we'd been planning to do but, ironically, we'd been in the process of switching to Let's Encrypt, and they were one of the two CAs whose process vulnerabilities the attackers were exploiting. So, in this particular case, it wouldn't have helped.

I guess the combination of CAA with a very expensive, or very manual, CA, might be an improvement. But it's still a band-aid on a bankrupt system.

We need to get switched over to DANE as quickly as possible, and stop wasting effort trying to keep the CA system alive with ever-hackier band-aids.

                                -Bill
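The exchange above turns on what a CAA record actually controls: it names which CA may issue for a domain (RFC 8659), and says nothing about how that CA validates the request. The following is an added example, not code from the thread or from any CA, that evaluates CAA policy the way a CA is required to: climb from the requested name toward the root until a CAA RRset is found, honor unknown critical tags, and check the `issue`/`issuewild` tags against the CA's issuer domain. The zone data is constructed; `example.com` and the `.test` names are placeholders.

```python
"""RFC 8659 CAA evaluation over a constructed, in-memory zone.

Example code added to illustrate the thread; not from the original message.
Shows that a CAA record permitting one CA does nothing against an attacker
who can pass that CA's own domain-validation checks (the point made above),
and that CAA itself lives in DNS, so a DNS hijack can rewrite it unless the
zone is DNSSEC-signed and the CA validates signatures.
"""
from dataclasses import dataclass

ISSUER_CRITICAL = 0x80  # flags bit 7 (RFC 8659 section 4.1)


@dataclass(frozen=True)
class CAARecord:
    flags: int   # 0 or ISSUER_CRITICAL
    tag: str     # "issue", "issuewild", "iodef", or a future tag
    value: str   # e.g. "letsencrypt.org" or ";" meaning "nobody"


# Constructed sample zone: name -> CAA RRset (empty list = name exists, no CAA).
ZONE = {
    "example.com": [CAARecord(0, "issue", "letsencrypt.org"),
                    CAARecord(0, "issuewild", ";")],
    "www.example.com": [],
    "nocaa.test": [],
}


def relevant_caa_set(name, zone):
    """RFC 8659 section 3: the relevant RRset is the first non-empty CAA RRset
    found on the name itself or any of its ancestors, walking toward the root."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rrset = zone.get(candidate, [])
        if rrset:
            return candidate, list(rrset)
    return None, []


def parse_issue_value(value):
    """'issuer-domain; k=v; ...' -> (issuer_domain, params); ';' alone means no issuer."""
    parts = [p.strip() for p in value.split(";")]
    params = {}
    for p in parts[1:]:
        if "=" in p:
            k, v = p.split("=", 1)
            params[k.strip()] = v.strip()
    return parts[0].lower(), params


def may_issue(name, issuer_domain, zone, wildcard=False):
    """Decide whether the CA identified by issuer_domain may issue for name.

    Returns (allowed, reason). This is the whole of what CAA decides: which CA,
    not whether the CA's validation of the requester was sound."""
    origin, rrset = relevant_caa_set(name, zone)
    if not rrset:
        return True, "no CAA records found; issuance unrestricted"
    # A critical tag the CA does not understand must block issuance.
    for rr in rrset:
        if rr.flags & ISSUER_CRITICAL and rr.tag.lower() not in ("issue", "issuewild", "iodef"):
            return False, f"unknown critical tag '{rr.tag}' at {origin}"
    tag = "issuewild" if wildcard else "issue"
    candidates = [rr for rr in rrset if rr.tag.lower() == tag]
    if wildcard and not candidates:
        # No issuewild records: wildcard requests fall back to the issue records.
        candidates = [rr for rr in rrset if rr.tag.lower() == "issue"]
    if not candidates:
        return True, f"no {tag} restriction at {origin}"
    for rr in candidates:
        issuer, _params = parse_issue_value(rr.value)
        if issuer and issuer == issuer_domain.lower():
            return True, f"{issuer_domain} is authorized by CAA at {origin}"
    return False, f"{issuer_domain} is not listed in CAA {tag} records at {origin}"


if __name__ == "__main__":
    for host, ca, wild in [("www.example.com", "letsencrypt.org", False),
                           ("www.example.com", "other-ca.test", False),
                           ("www.example.com", "letsencrypt.org", True),
                           ("nocaa.test", "other-ca.test", False)]:
        print(host, ca, "wildcard" if wild else "", may_issue(host, ca, ZONE, wild))
```

Note that the first case returns "authorized": with `issue letsencrypt.org` published, the record does exactly what it is for, and the CA then proceeds to its own validation step, which is where the hijack in the thread happened. A defender reviewing CAA as a control should pair it with DNSSEC on the zone and with monitoring of Certificate Transparency logs for unexpected issuance.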
