[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Sean Donelan
sean at donelan.com
Thu Jul 10 07:14:39 UTC 2008
On Thu, 10 Jul 2008, Randy Bush wrote:
>>> http://www.icann.org/committees/security/sac004.txt
>> I don't think any sane person disagrees that BCP38 is vital.
>
> bcp38 is useful but not vital. we do not suffer serious spoofing
> attacks despite years of fud about it. and it is not really critical to
> this particular vulnerability. but it sure is religion for some people.
Is the level of DNS cache poisoning and IP packet spoofing attacks in the
wild similar?
Despite the fud about it, if there aren't serious DNS poisoning attacks
will it still be considered critical? Or will it just be one
more thing people don't care about? Heck, people are willing to
point-click-change their DNS client settings to point to various
untrustworthy name servers without needing to go through the trouble of
cache poisoning.
Of course, many hosts learn which DNS servers to use with insecure
DHCP.
More information about the dns-operations
mailing list