[dns-operations] DNS issue accidentally leaked?

Matthew Pounsett matt.pounsett at cira.ca
Tue Jul 22 05:15:19 UTC 2008


On 22-Jul-2008, at 01:00 , Alperovitch, Dmitri wrote:

> How is this attack really different from the birthday attack  
> described by
> Joe Stewart and others in 2002?  Perhaps a slide variation on it but I
> wouldn't call it earthshakingly new...

This is exactly the kind of thing we've all been trying to fight since  
the public announcement.  I'm not going to help spread the bad by  
posting details here, but suffice to say that an un-patched caching  
server could have google.com poisoned within a few minutes.  A really  
poor implementation of the exploit might take as long as a half hour.   
When you do see the details, you will smack your own forehead for not  
seeing its simplicity earlier, and for not heeding the warnings and  
patching everything in sight when you had the chance.

Matt


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080722/64828379/attachment.sig>


More information about the dns-operations mailing list