[dns-operations] All Too Quiet?

Florian Weimer fw at deneb.enyo.de
Mon Jul 28 20:15:51 UTC 2008


* Jon Kibler:

> Has anyone observed any real DNS scans other than those of known test
> programs or researchers? I am not aware of any scans of significance.
> So, this is why I ask: Why is it so quiet?

It's difficult to monetize this vulnerability in the existing ecosystem.
It will take some time until the bad guys figure out how to use this
stuff to make money.  Before that, someone will certainly try to enter
the footsteps of Herostratus.

> Let's look at the current state of affairs from a management
> perspective:

It does not matter if there are any attacks or not.  The fact that you
haven't patched leaks to the general Internet in some way, creating
reputation risk.  Or put differently, if you don't patch, you fail to
offer to your customers and business partners state-of-the-art
protection.

Most management types get this, especially once they realize that they
are required to document their decision to accept the risk.



More information about the dns-operations mailing list