DNS spoofing vulnerability

marty marty at goodoldmarty.com
Sat Jul 12 10:37:27 PDT 2008


> I assume most of you have heard about the recent BIND/MS DNS updates  
> to somewhat address a new DNS spoofing attack vector discovered by Dan  
> Kaminsky.

This is NOT a new vulnerability. Kaminsky just got wise recently.
Bernstein made it public many years ago. Others have written about it too.
Djbns and PowerDNS were never affected because those authors knew about this
from the start. Why the big noise now?

Do you run public resolvers?
I think concerns about the resolver libs are misplaced, especially on HLFS.
Show how an attacker will exploit this before you let theory overcome logic.

Marty B.
-- 
Electile Dysfunction : the inability to become aroused over any of the
choices for President put forth by either party in the 2008 election.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080712/62b3693c/attachment.sig>


More information about the hlfs-dev mailing list