DNS spoofing vulnerability

marty marty at goodoldmarty.com
Wed Jul 16 09:09:39 PDT 2008


> You're right, none of the BIND server stuff relates to you - I think  
> AT&T should be able to upgrade their servers in time, if they haven't  
> already. We're only discussing it because you brought it up.
> 
Actually it was you who brought it up with that "Chicken
Little" routine:)

> If you want to check on AT&T's progress, execute this command  
> [assuming you have dig installed]:
> 
> dig +short porttest.dns-oarc.net TXT

That just shows the level of source port randomness for a
given resolver. Poor randomness in itself does not
constitute a vulnerability but it is a prerequisite for
Kaminsky's sploit, and others, to work.

People have been attacking DNS successfully since it was
introduced. DNS attacks don't target single individuals but
instead attack the trusted DNS infrastructure to misdirect
the end users. This means only the big players are the
logical targets anyway, not HLFS users.

Marty B.


-- 
Electile Dysfunction : the inability to become aroused over
any of the
choices for President put forth by either party in the 2008
election.
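
The message above describes the porttest result as a measure of a resolver's source port randomness. The following is an added example, not part of the original message and not DNS-OARC's code, showing one way to quantify that from the source ports observed for a run of queries. The port samples are constructed, and the function name `assess` and the rating cut-offs are assumptions made for this example.

```python
import math
from statistics import pstdev

TXID_BITS = 16  # the DNS transaction ID is a 16-bit field

# Constructed samples: source ports seen at an authoritative server
# for ten consecutive queries from one resolver.
FIXED = [53] * 10
SEQUENTIAL = [1024 + i for i in range(10)]
RANDOMISED = [49152, 1337, 60211, 23456, 8080, 41000, 15234, 55555, 30001, 62000]


def assess(ports, poor_below=296.0, great_from=3980.0):
    """Summarise how predictable a resolver's source ports are.

    poor_below and great_from are assumed cut-offs on the standard
    deviation, chosen for this example.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    distinct = len(set(ports))
    deltas = {b - a for a, b in zip(ports, ports[1:])}
    if distinct == 1:
        pattern = "fixed"
    elif len(deltas) == 1:
        pattern = "sequential"  # constant step: the next port is predictable
    else:
        pattern = "varied"
    stddev = pstdev(ports)
    # A predictable port adds nothing to the 16-bit transaction ID. For
    # varied ports, the distinct count is only a lower bound on the pool.
    port_bits = math.log2(distinct) if pattern == "varied" else 0.0
    if pattern != "varied" or stddev < poor_below:
        rating = "POOR"
    elif stddev < great_from:
        rating = "GOOD"
    else:
        rating = "GREAT"
    return {"pattern": pattern, "distinct": distinct, "stddev": stddev,
            "guess_bits": TXID_BITS + port_bits, "rating": rating}


if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("randomised", RANDOMISED)):
        r = assess(sample)
        print(f"{name:11} {r['rating']:5} stddev={r['stddev']:8.1f} "
              f"bits>={r['guess_bits']:.1f}")
```

A fixed or constant-step port leaves only the 16-bit transaction ID between a forged response and the resolver's cache, which is why the sample is rated POOR regardless of its spread.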
