[dns-operations] CERT VU#800113 Multiple DNS implementations vulne rable to cache poisoning

Paul Ferguson fergdawg at netzero.net
Thu Jul 10 06:38:29 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Randy Bush <randy at psg.com> wrote:

>and there have been some attacks which bcp 38 would have ameliorated.
>
>but not one wsj level attack on either vector.  so, as you said
>*potential*.  
>

And thank goodness. I hate those WSJ attacks. :-)

Aside from being goofy on this, the point I guess I'm trying to
make is something along the lines of "...what can be properly
deployed to defend against possible attacks, when most people are
apathetic towards the possibility of being attacked?"

Of course, this is not a technical issue, and I should probably
crawl away back under my rock, but this is certainly an operational
issue, methinks.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIda5dq1pz9mNUZTMRAhpPAKDR16Q+lTzgVoQUNEPlbBXV/pOBnACgpTNT
5zMCa7RnKuiIhdesa9UjzR4=
=cIF3
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the dns-operations mailing list