[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Patrick W. Gilmore patrick at ianai.net
Thu Jul 10 05:56:41 UTC 2008


On Jul 10, 2008, at 5:16, "Paul Ferguson" <fergdawg at netzero.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -- "Patrick W. Gilmore" <patrick at ianai.net> wrote:
>
>> On Jul 10, 2008, at 12:27 AM, Paul Vixie wrote:
>>
>
>>> in 2002 i also attempted to demystify BCP38 since we all know that
>>> without
>>> IP source address repudiability, no noncrypto UDP based protocol is
>>> safe:
>>>
>>> http://www.icann.org/committees/security/sac004.txt
>>
>> I don't think any sane person disagrees that BCP38 is vital.
>>
>
> Apparently lots of folks (maybe more than 50%?) disagree with you.
>
> BCP38, unfortunately, seems to be considered unimportant by most
> of the Internet.
>
> Can you expand on that?

I said "sane" which excludes most of the 'Net (including, apparently,
Randy :-).


As for Randy's "fud" comment, please note all the things for which  
Randy has fought, e.g. MD5 on BGP sessions, and compare that to the  
actual and potential damage caused by spoofed packets.

As the recipient of more than one spoofed source attack, I assure you  
they are real and evil.

-- 
TTFN,
patrick


>
> - - ferg (BCP38 Protagonist)
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.3 (Build 3017)
>
> wj8DBQFIdZsuq1pz9mNUZTMRAhcqAJ4p1QFAKoMvOinxSpoV7K77+AlaOACeKFjm
> eM7OvwShSux7NPgxYRv171o=
> =0wYU
> -----END PGP SIGNATURE-----
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg(at)netzero.net
> ferg's tech blog: http://fergdawg.blogspot.com/
>


