[dns-operations] DNS issue accidentally leaked?

Alperovitch, Dmitri dmitri_alperovitch at securecomputing.com
Tue Jul 22 15:54:07 UTC 2008

>The difference is its use of additional RR records. The request is for 
>some arbitrary sub domain like 12345.google.com, but your spoofed 
>response also includes the record for www.google.com

Which is also decades old and well known.  So at best, it's a 'new' attack
that is a combination of 2 well-known/documented ones. Maybe I am somewhat
disappointed because I expected a second coming/something truly novel
(please note that I'm not discounting the seriousness of the issue, just
commenting on its apparent novelty)


Dmitri Alperovitch
Director, Intelligence Analysis and Hosted Security
Secure Computing Corporation

More information about the dns-operations mailing list