[dns-operations] All Too Quiet?

Patrick W. Gilmore patrick at ianai.net
Mon Jul 28 21:17:22 UTC 2008


On Jul 28, 2008, at 4:15 PM, Florian Weimer wrote:
> * Jon Kibler:
>
>> Has anyone observed any real DNS scans other than those of known test
>> programs or researchers? I am not aware of any scans of significance.
>> So, this is why I ask: Why is it so quiet?
>
> It's difficult to monetize this vulnerability in the existing  
> ecosystem.
> It will take some time until the bad guys figure out how to use this
> stuff to make money.  Before that, someone will certainly try to enter
> the footsteps of Herostratus.

Difficult?  I thought of a dozen ways to "monetize" this vulnerability  
when it was first announced.  I am positive the "miscreants" know how  
to do it better than I.

Why haven't they used it yet?  Well, I am not sure they have not.   
Assuming they have not used it yet, well, I can't tell you why.

Unfortunately, I doubt they are in a hurry for fear everyone will  
patch before they get around to it.  What's more, the people who will  
not patch are also the people least likely to notice they are under  
attack. :(

-- 
TTFN,
patrick



>> Let's look at the current state of affairs from a management
>> perspective:
>
> It does not matter if there are any attacks or not.  The fact that you
> haven't patched leaks to the general Internet in some way, creating
> reputation risk.  Or put differently, if you don't patch, you fail to
> offer to your customers and business partners state-of-the-art
> protection.
>
> Most management types get this, especially once they realize that they
> are required to document their decision to accept the risk.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
>




More information about the dns-operations mailing list