[dns-operations] summary of recent vulnerabilities in DNS security.

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Oct 25 12:14:38 UTC 2013


On Thu, Oct 24, 2013 at 09:11:41AM +0300,
 Daniel Kalchev <daniel at digsys.bg> wrote 
 a message of 247 lines which said:

> This is not an attack on DNS, but an attack on IP reassembly
> technology.

Frankly, I do not share this way of seeing things. Since the DNS is,
by far, the biggest user of UDP and since TCP is already protected by
PMTUD, I do not think we can say it's not our problem.

> This might happen even due to a malfunctioning network adapter or
> other network device, not necessarily an "attack".

A random modification by a malfunctioning device or an errant cosmic
ray has a very small probability of being accepted (UDP checksum, DNS
checks, etc). We are talking here about a deliberate attack, by a
blind attacker.
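
Added example, not part of the original message: a Python sketch of only the UDP checksum among the checks named above, run against accidental corruption of a constructed DNS response. It counts how many single-bit flips and random 4-byte overwrites still verify; all names, addresses and the sample response are assumptions made for the illustration.

```python
import random
import struct

def ones_sum(data: bytes) -> int:
    """Folded 16-bit ones-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: bytes, dst: bytes, udp_len: int) -> bytes:
    return src + dst + struct.pack("!BBH", 0, 17, udp_len)  # 17 = UDP

def build_udp(src, dst, sport, dport, payload: bytes) -> bytes:
    length = 8 + len(payload)
    head = struct.pack("!HHHH", sport, dport, length, 0)
    csum = (~ones_sum(pseudo_header(src, dst, length) + head + payload) & 0xFFFF) or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def checksum_ok(src, dst, datagram: bytes) -> bool:
    """Receiver-side check: everything, checksum included, must sum to 0xFFFF."""
    return ones_sum(pseudo_header(src, dst, len(datagram)) + datagram) == 0xFFFF

# Constructed sample: DNS response "example.com A 192.0.2.1" (documentation addresses).
SRC, DST = bytes([192, 0, 2, 53]), bytes([198, 51, 100, 7])
DNS_RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
DATAGRAM = build_udp(SRC, DST, 53, 40000, DNS_RESPONSE)

def single_bit_flips_accepted() -> int:
    """Flip each payload bit in turn; count corrupted datagrams that still verify."""
    accepted = 0
    for bit in range(8 * 8, 8 * len(DATAGRAM)):  # skip the 8-byte UDP header
        d = bytearray(DATAGRAM)
        d[bit // 8] ^= 1 << (bit % 8)
        accepted += checksum_ok(SRC, DST, bytes(d))
    return accepted

def random_bursts_accepted(trials: int = 100_000, burst: int = 4, seed: int = 1) -> int:
    """Overwrite a random run of payload bytes with random data; count those that verify."""
    rng, accepted = random.Random(seed), 0
    for _ in range(trials):
        d = bytearray(DATAGRAM)
        start = rng.randrange(8, len(d) - burst + 1)
        d[start:start + burst] = bytes(rng.randrange(256) for _ in range(burst))
        accepted += bytes(d) != DATAGRAM and checksum_ok(SRC, DST, bytes(d))
    return accepted

if __name__ == "__main__":
    print("single-bit flips accepted:", single_bit_flips_accepted())
    print("random bursts accepted out of 100000:", random_bursts_accepted())
```

No single-bit flip verifies, and a random overwrite verifies about once in 2^16 tries, before any DNS-level check is applied.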