North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: EMAIL != FTP
On Sat, 26 May 2001 19:23:16 EDT, Mitch Halmu said: > Did I happen to mention MAPS in my post? I didn't. The argument was made > for ORBS, or any FOREIGN entity that blocks North American networks. > ORBS fans in this country will have lots of explaining to do and hell to > pay if any foreign entity exploits this weakness to attack US interests > in an international incident. For those who read Computerworld, a co-worker of mine was quoted on page 1 of the May 21 issue, saying "You can expect to see major liability lawsuits in the next 18 months or so". Better install those IIS patches *NOW* - I'm more concerned about a lawyer attack than an international terrorist attack.... OK.. so a hostile site *could* use DNS cache poisoning or hack the ORBS DNS servers to screw up your e-mail. On the other hand, you have the *EXACT* same vulnerability for *ANY* use of DNS. So unless you're using /etc/hosts exclusively, you have *bigger* problems if faced by a determined adversary. Frankly, if *I* were a determined adversary, the site's use of ORBS would be the least of their problems. I don't know.. maybe the foreign terrorists are like the Three Stooges - they DID catch the guys who bombed the World Trade Center when one of them tried to get back the deposit on the now-destroyed truck..... For bonus points - if anybody is both paranoid and anal-retentive enough to care about this sort of thing, I presume you *HAVE* edited your DNS cache hints to only include root name servers that are located on US soil, and reachable entirely by communications links that do not take a loop through non-US territories. THere *will* be hell to pay if foreign terrorists take over a root name server that's outside the US, after all.... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Attachment:
pgp00079.pgp
|