[dns-operations] the mathematics of kaminsky spoofing probability
shane at ca.afilias.info
Mon Aug 4 09:29:02 UTC 2008
On Mon, 2008-08-04 at 14:44 +0700, Roland Dobbins wrote:
> On Aug 4, 2008, at 2:33 PM, Shane Kerr wrote:
> > The only real outcome that I see is to highlight the seriousness of
> > the problem. (Or possibly to show that it is not very serious.)
> Situational awareness is a key (if not THE key) element of operational
> security. There is tremendous value in knowing if this is taking
> place, and 'where'. Not only ICMP unreachables should be monitored,
> but query/response heuristics for NXDOMAIN, as well if at all possible.
I'm not going to disagree, but rather repeat my question:
What can the operator of an authoritative server do if the operator
detects someone trying to spoof queries on its server?
More information about the dns-operations