[dns-operations] summary of recent vulnerabilities in DNS security.
dougb at dougbarton.us
Tue Oct 22 06:12:13 UTC 2013
On 10/21/2013 08:54 AM, Keith Mitchell wrote:
> Applying the same 5-years' now-outside hindsight to this, the benefits
> of all that port randomization work seem murky at best - does anyone
> have data on many real Kaminsky cache-poisoning attacks took place in
> that time ?
The Kaminsky vulnerability was clear, and while not trivial to exploit
was quite doable. The work that ISC and others did to address this was a
huge service to the community. If it had not been done, I'm sure things
in the last 5 years would have been pretty ugly.
> The Herzberg/Shulman attacks seem even harder to exploit in
> a real (as opposed to la) environment
I can't judge that, but I think the math that says focus on things that
we see in the wild over things generally agreed to be academic/unlikely
is a good one.
More information about the dns-operations