Robert Edmonds edmonds at gtisc.gatech.edu
Tue Jul 22 05:20:59 UTC 2008

Barry Raveendran Greene wrote:
> > ISC is also working on a BPF-based IDS for this, as part of SIE.
> I'll get the sig from our IDP guys in the morning. They put it into the July
> 8th sig release and described it as checking "random source." 

just calculating the stdev of the sport on your recursors is trivial to
do, and does nothing to detect Kaminsky-style attacks on a recursor
performing proper sport randomization.

now we wander off into the heuristics...

Robert Edmonds
edmonds at gtisc.gatech.edu
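
The source-port spread check discussed in this message, as an added example that is not part of the original post: it computes the standard deviation of UDP source ports per recursor and flags the ones with little spread. The sample observations, function names, minimum sample count and threshold are all assumptions made for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample of (recursor address, UDP source port) pairs for
# outbound queries; addresses come from the documentation range.
SAMPLE = (
    # fixed source port on every query
    [("192.0.2.10", 53)] * 10
    # sequentially incrementing source ports
    + [("192.0.2.20", p) for p in range(32768, 32778)]
    # ports spread across the whole unprivileged range
    + [("192.0.2.30", p) for p in (1500, 60211, 33402, 8123, 47990,
                                   21877, 55310, 12044, 39651, 27500)]
)

MIN_QUERIES = 8        # assumption: fewer samples than this are ignored
STDEV_FLOOR = 10000.0  # assumption: a uniform pick from 1024-65535
                       # has a standard deviation of roughly 18600


def sport_stdev(observations):
    """Return {recursor: population stdev of its observed source ports}."""
    ports = defaultdict(list)
    for resolver, sport in observations:
        ports[resolver].append(sport)
    return {
        resolver: statistics.pstdev(seen)
        for resolver, seen in ports.items()
        if len(seen) >= MIN_QUERIES
    }


def poorly_randomized(observations):
    """Return the recursors whose source-port spread is below the floor."""
    spread = sport_stdev(observations)
    return sorted(r for r, sd in spread.items() if sd < STDEV_FLOOR)


if __name__ == "__main__":
    for resolver, sd in sorted(sport_stdev(SAMPLE).items()):
        verdict = "low spread" if sd < STDEV_FLOOR else "ok"
        print(f"{resolver}  stdev={sd:8.1f}  {verdict}")
```

The metric is computed only from the recursor's own outbound ports, so 192.0.2.30 scores the same whether or not forged responses are arriving at it, which is the limit the message points out.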

