[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Randy Bush
randy at psg.com
Thu Jul 10 07:40:33 UTC 2008
> all of the attacks described or mitigated by
>
> http://www.ietf.org/internet-drafts/draft-ietf-dnsext-forgery-resilience-05.txt
>
> rely on spoofing the IP source address. i would go as far as to say that if
> BCP38 were universally implemented, there would be no forgery-resilience draft
> and no CERT VU#800113 and no need for udp source port randomization nor for
> http://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00.
if it prevents ietf draft attacks, then i am massively for it :)
randy