[dns-operations] Massive DNS poisoning attacks in Brazil

David Conrad drc at virtualized.org
Wed Oct 3 14:38:23 UTC 2012


On Oct 3, 2012, at 6:38 AM, Vernon Schryver <vjs at rhyolite.com> wrote:
> Any popular scheme that works around DNS, HTTP, ssh, etc.
> man-in-the-middle attacks that become popular will be blocked,
> proxied, or hijacked unless most users normally use tools that
> detect and refuse to work with men in the middle.

You're assuming the MITM attacks are intentional. My impression is that the majority of the issues in getting EDNS0-requiring protocols to work are due to ignorance, e.g., valid DNS responses are always UDP<512bytes or valid DNS types are {A,MX,SOA,NS,PTR,TXT}. If this is true, than egregious hack workarounds like using HTTP/S as a transport will solve most of the problem (not that I think this is the best solution).


More information about the dns-operations mailing list