[dns-operations] summary of recent vulnerabilities in DNS security.
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Oct 25 12:14:38 UTC 2013
On Thu, Oct 24, 2013 at 09:11:41AM +0300,
Daniel Kalchev <daniel at digsys.bg> wrote
a message of 247 lines which said:

> This is not an attack on DNS, but an attack on IP reassembly
> technology.

Frankly, I do not share this way of seeing things. Since the DNS is,
by far, the biggest user of UDP and since TCP is already protected by
PMTUD, I do not think we can say it's not our problem.

> This might happen even due to a malfunctioning network adapter or
> other network device, not necessarily an "attack".

A random modification by a malfunctioning device or an errant cosmic
ray has a very small probability of being accepted (UDP checksum, DNS
checks, etc.). We are talking here about a deliberate attack, by a
blind attacker.