[dns-operations] DNS Attack over UDP fragmentation

Mike Hoskins (michoski) michoski at cisco.com
Wed Sep 4 15:38:00 UTC 2013


-----Original Message-----

From: Dan York <york at isoc.org>
Date: Wednesday, September 4, 2013 11:03 AM
To: Ondřej Surý <ondrej.sury at nic.cz>, DNS Operations
<dns-operations at lists.dns-oarc.net>
Subject: Re: [dns-operations] DNS Attack over UDP fragmentation

>Ondrej,
>
>On 9/4/13 9:08 AM, "Ondřej Surý" <ondrej.sury at nic.cz> wrote:
>
>>We gave it some thoughts here at CZ.NIC Labs and we think that the threat
>>is real and we are now trying to write a PoC code to prove the
>>theoretical concept.
>>
>>So what are the views of other people on this list?
>
>I attended the SAAG session, listened to the presentation and read through
>the materials with great interest. I left, though, not really sure I could
>understand how real of a threat this is in actual deployments.   I would
>certainly welcome PoC code that could help shed light on the severity of
>the issue.

Interesting indeed.  In reality, everyone should be thinking hard about
remediation at all levels right now (protocol enhancements are great, but
take time you won't have once a PoC exists).  If the vector has been
described, it's safe to assume people with more time and money are already
working on the PoC, and won't be sharing it.




More information about the dns-operations mailing list