DNS spoofing vulnerability

marty marty at goodoldmarty.com
Thu Jul 17 02:55:37 PDT 2008


> Port randomization is the best cure for the Kaminsky exploit, short of  
> DNSSEC.
Perhaps the Mitnick attack was not enough lesson regarding
the dangers of predictability.

Rather than admit their irresponsibility the big money folks
at ISC and Microsoft have tried to make themselves out as
hero's by calling this a 'NEW" vulnerability, when in
reality this was contemplated, documented, and addressed by
other vendors years ago, including our benefactor, Robert.
> 
> Your statement about not being the target of the attack does not seem  
> to me to represent a smart attitude. The attack ultimately targets you  
> (as a pharming attack). The fact that it goes through a vulnerability  
> at AT&T doesn't change that. If I were you, I would be testing AT&T's  
> resolvers to see that they've been fixed. For myself, I spent an hour  
> on the phone with Comcast yesterday trying to convince them to fix the  
> resolvers they assign to me. If they don't by next week, I'll deploy  
> my own HLFS-based resolver. And because my little router uses NAT/PAT  
> and dnsmasq, I may be forced to retire it as well, replacing it with  
> an HLFS-based router (probably the same machine as my replacement  
> resolver).
> 
No the attack does not ultimately target me and in fact
they have nothing to gain and I have nothing to lose:)
I don't suddenly feel threatened by communication wires and
nobody else should either.

AT&T, Comcast, and all the others are "Corporate Entities"
without heart or conscience. They will only fix their
resolvers if/when it becomes profitable.

Marty B.
-- 
Electile Dysfunction : the inability to become aroused over
any of the
choices for President put forth by either party in the 2008
election.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080717/fe6c26b6/attachment.sig>


More information about the hlfs-dev mailing list