North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: how to protect name servers against cache corruption

  • From: Michael Dillon
  • Date: Sat Aug 02 23:55:06 1997

>> I don't propose to "make sure" that only good guys know, I just suggest
>> that it is better to not spread the info publicly when you don't know who
>> is listening in. Why make the bad guys job easier?

>The bad guys already know.  They're often the ones who discover the
>problems in the first place and even if they aren't you can be sure
>they'll find out once the "experts" do.

I know. The smart bad guys almost always find these holes before the good
guys. But there are lots of not-so-smart bad guys and these folks are far
more likely to actually use their knowledge maliciously. These people are
not neccessarily plugged in to the same channels of info as the smart bad
guys and these not-so-smart folks are the ones that we can slow down by
being more discreet about what we discuss in public.

>  All that happens when people
>try and restrict information about incidents is that the number of
>people focusing on the solution is reduced, often drasically to below
>the critical mass necessary to solve the problem once and for all.

My experience is that it only takes one or two smart people to solve this
kind of problem. And I strongly doubt that those people will be on this
list since they are much more likely to be on lists that discuss
theoretical issues.

>However this group in particular should be making wide and frequent use
>of this list and others like it to notify each other (and the experts)
>of things they should be looking out for and precautions that should be
>taken.

The experts can be notified in private rather than by shotgunning various
public mailing lists. This list is better used for practical actions that
people can take today.



********************************************************
Michael Dillon                    voice: +1-415-482-2840
Senior Systems Architect            fax: +1-415-482-2844
PRIORI NETWORKS, INC.              http://www.priori.net

"The People You Know.  The People You Trust."
********************************************************