[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Jay Daley
jay at nominet.org.uk
Thu Jul 10 09:29:46 UTC 2008
vixie at isc.org wrote on 10/07/2008 07:28:06:
> lack of universal BCP38 deployment drives up the cost of everything else
we
> develop or deploy -- it's the hidden tax on everything we do. the
possibility
> of attacks which spoof IP source addresses has to be accounted for in
every
> design, and it's a risk that must be constantly and unendingly managed.
and
> that's a personal statement, dependendent upon facts not in evidence. i
> prefer to note that if all men are mortal and socrates is a man then
socrates
> is mortal, yet if IP spoofing isn't in daily universal use, but it could
be
> used by almost anybody at almost any time, then BCP38 deployment is
vital.
I completely agree. The failure of the ISP community to universally
implement BCP38 is an utterly shameful evasion of their responsibilities.
When the regulators come calling at the ISPs door with some real intent to
sort out Internet security, then I for one will have no sympathy
whatsoever for pleas from the ISPs for reasonable regulation.
Jay
More information about the dns-operations
mailing list