North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: how to protect name servers against cache corruption

  • From: Greg A. Woods
  • Date: Sat Aug 02 23:55:10 1997

[ On Thu, July 31, 1997 at 09:15:03 (-0700), Michael Dillon wrote: ]
> Subject: Re: how to protect name servers against cache corruption
> At 3:54 AM -0400 7/31/97, Alexander O. Yuriev wrote:
> >> a. not talk publicly about this lest the cracker community learn too much
> >
> >Sure. Now how do you propose to make sure that only good guys know about
> >bad things? Mathematically it is impossible. It is a set theory
> I don't propose to "make sure" that only good guys know, I just suggest
> that it is better to not spread the info publicly when you don't know who
> is listening in. Why make the bad guys job easier?

The bad guys already know.  They're often the ones who discover the
problems in the first place and even if they aren't you can be sure
they'll find out once the "experts" do..  All that happens when people
try and restrict information about incidents is that the number of
people focusing on the solution is reduced, often drasically to below
the critical mass necessary to solve the problem once and for all.

The only minor gain that can be had from controlling this information is
that egos are less bruised and the truely amateur crackers may not learn
of various faults.  This is really only useful for those barn-door sized
problems where any joe could wander through and wreak havoc even without

Now from an operations point of view it may be best to not give away too
many details before the experts get a look and definitely don't reveal
the impact of a given attack on your organization unless you already
have a good handle on it.

However this group in particular should be making wide and frequent use
of this list and others like it to notify each other (and the experts)
of things they should be looking out for and precautions that should be

Please do reduce the exposure some of these old myths get though and
debunk them as fully as possible.

							Greg A. Woods

+1 416 443-1734      VE3TCP      <[email protected]>      <robohack!woods>
Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>