[dns-operations] the mathematics of kaminsky spoofing probability
Roland Dobbins
rdobbins at cisco.com
Mon Aug 4 07:44:00 UTC 2008
On Aug 4, 2008, at 2:33 PM, Shane Kerr wrote:
> The only real outcome that I see is to highlight the seriousness of
> the problem. (Or possibly to show that it is not very serious.)
Situational awareness is a key (if not THE key) element of operational
security. There is tremendous value in knowing if this is taking
place, and 'where'. Not only ICMP unreachables should be monitored,
but query/response heuristics for NXDOMAIN, as well if at all possible.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // +66.83.266.6344 mobile
History is a great teacher, but it also lies with impunity.
-- John Robb
More information about the dns-operations
mailing list