[dns-operations] DNS Attack over UDP fragmentation
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Sep 9 07:12:25 UTC 2013
On Fri, Sep 06, 2013 at 09:44:34PM +0300,
Haya Shulman <haya.shulman at gmail.com> wrote
a message of 232 lines which said:
> We studied the IPID randomisation on the name servers (not the resolvers).
Just a warning: it's IPID _unpredictability_ (for a blind attacker)
which is important. Randomisation can be bad because it creates the
risk of IPID duplication (see RFC 6274 but RFC 6056, while talking
about a different field, may be interesting too).
More information about the dns-operations
mailing list