[dns-operations] DNS Attack over UDP fragmentation

Haya Shulman haya.shulman at gmail.com
Tue Sep 10 15:40:56 UTC 2013


Yes, I was referring to porttest.
Best.


On Mon, Sep 9, 2013 at 6:27 PM, Keith Mitchell <keith at dns-oarc.net> wrote:

> On 09/09/2013 06:07 AM, Haya Shulman wrote:
>
> > For instance, DNS-OARC does not detect port prediction attacks, and
> > reports clients as secure, while they are vulnerable to attacks.
>
> OARC does many things, I assume here you are referring to our port
> entropy tester:
>
>         https://www.dns-oarc.net/oarc/services/porttest
>
> > I contacted the maintainers of DNS-OARC and notified them of this
> > vulnerability last year, and proposed a simple fix to the problem...
> > but the system was not updated and still reports vulnerable systems
> > as secure, so relying on its feedback may be risky.
>
> I didn't see that communication, so I can only assume it pre-dated my
> current OARC tenure. Thanks for the heads-up and apologies it did not
> get responded to. If you could please re-send me what you sent off-list,
> we'll see about getting your proposed fix incorporated into the tool
> and/or an appropriate caveat meantime.
>
> Keith
>
>


-- 
Best Regards,
S.H.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130910/62094afd/attachment.html>


More information about the dns-operations mailing list