[dns-operations] DNS issue accidentally leaked?
Robert Edmonds
edmonds at gtisc.gatech.edu
Tue Jul 22 05:20:59 UTC 2008
Barry Raveendran Greene wrote:
> > ISC is also working on a BPF-based IDS for this, as part of SIE.
>
> I'll get the sig from our IDP guys in the morning. They put it into the July
> 8th sig release and described it as checking "random source."
just calculating the stdev of the sport on your recursors is trivial to
do, and does nothing to detect kaminsky-style attacks on a recursor
performing proper sport randomization.
now we wander off into the heuristics...
--
Robert Edmonds
edmonds at gtisc.gatech.edu
More information about the dns-operations
mailing list