Re: SANS: DNS Bug Now Public?

• From: Jorge Amodio
• Date: Wed Jul 23 12:16:39 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

Let me add that folks need to understand that the "patch" is not a fix to a
problem that has been there for long time and
it is just a workaround to reduce the chances for a potential
attack, and it must be combined with best practices and
recommendations to implent a more robust DNS setup.

There are plenty of documents out there (check cert.org for example) that
can provide some guidance.

Perhaps this situation will help move things on the DNSSEC front, as far as
I remember there are some IETF drafts on
the standards track addressing these issues.
Cheers
Jorge
On Wed, Jul 23, 2008 at 2:31 AM, Steven M. Bellovin <[email protected]>
wrote:

>  On Tue, 22 Jul 2008 08:00:51 -0500
> "Jorge Amodio" <[email protected]> wrote:
>
> > It has been public for a while now. Even on the print media, there
> > are some articles about it on the latest Computerworld mag without
> > giving too much detail about how to exploit it.
> >
> > ie PATCH NOW !!!
> >
> Kaminsky's blog says "Patch.  Today.  Now. Yes, stay late."
>
>
>                --Steve Bellovin, http://www.cs.columbia.edu/~smb
>

• Follow-Ups:
  • Re: SANS: DNS Bug Now Public? Joe Abley

• References:
  • SANS: DNS Bug Now Public? Jon Kibler
  • Re: SANS: DNS Bug Now Public? Jorge Amodio
  • Re: SANS: DNS Bug Now Public? Steven M. Bellovin

• Prev by Date: Re: Software router state of the art
• Next by Date: Re: Software router state of the art
• Date Index
• Thread Index
• Author Index
• Historical