[dns-operations] Subverting BIND's SRTT Algorithm Derandomizing NS Selection
Paul Ferguson
fergie at people.ops-trust.net
Tue May 6 17:56:03 UTC 2014
Hi Peter,
On 5/6/2014 10:50 AM, Peter Losher wrote:
> On 6 May 2014, at 9:09, Paul Ferguson wrote:
>
>> Can anyone from ISC (bind maintainer) comment on this
>> vulnerability, especially regarding what versions are affected
>> and if a fix is available?
>>
>> https://www.usenix.org/conference/woot13/workshop-program/presentation/hay
>
>>
> We/ISC posted an Operational notice on this last August:
> https://kb.isc.org/article/AA-01030
>
I also notice this in the note:
"ISC plans to address this deficiency by reimplementing the SRTT
algorithm in future maintenance releases of the BIND 9 code."
Was this reimplementation done, and if so, in what version was it
implemented?
Apologies -- I am not a BIND expert by any stretch of the imagination...
Thanks,
- ferg
--
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2