[dns-operations] DNS issue accidentally leaked?
Alan Clegg
alan at clegg.com
Tue Jul 22 11:41:38 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Pounsett wrote:
>
> On 22-Jul-2008, at 01:00 , Alperovitch, Dmitri wrote:
>
>> How is this attack really different from the birthday attack described by
>> Joe Stewart and others in 2002? Perhaps a slide variation on it but I
>> wouldn't call it earthshakingly new...
>
> This is exactly the kind of thing we've all been trying to fight since
> the public announcement. I'm not going to help spread the bad by
> posting details here, but suffice to say that an un-patched caching
> server could have google.com poisoned within a few minutes. A really
> poor implementation of the exploit might take as long as a half hour.
> When you do see the details, you will smack your own forehead for not
> seeing its simplicity earlier, and for not heeding the warnings and
> patching everything in sight when you had the chance.
http://alan.clegg.com/800113 (see slide #8).
AlanC (this slide deck is also available on ISC's site)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIhcdycKpYUrUDCYcRAppsAKCzHC9HtAo5S7HAFmYMJj2wFgOHzgCdGGI0
B3k0h3AxEB8JdKIbkHDIb+k=
=toJT
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list