[dns-operations] DNS Attack over UDP fragmentation
haya.shulman at gmail.com
Tue Sep 10 15:40:56 UTC 2013
Yes, I was referring to porttest.
On Mon, Sep 9, 2013 at 6:27 PM, Keith Mitchell <keith at dns-oarc.net> wrote:
> On 09/09/2013 06:07 AM, Haya Shulman wrote:
> > For instance, DNS-OARC does not detect port prediction attacks, and
> > reports clients as secure, while they are vulnerable to attacks.
> OARC does many things, I assume here you are referring to our port
> entropy tester:
> > I contacted the maintainers of DNS-OARC and notified them of this
> > vulnerability last year, and proposed a simple fix to the problem...
> > but the system was not updated and still reports vulnerable systems
> > as secure, so relying on its feedback may be risky.
> I didn't see that communication, so I can only assume it pre-dated my
> current OARC tenure. Thanks for the heads-up and apologies it did not
> get responded to. If you could please re-send me what you sent off-list,
> we'll see about getting your proposed fix incorporated into the tool
> and/or an appropriate caveat meantime.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations