North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Multiple DNS implementations vulnerable to cache poisoning

  • From: Lynda
  • Date: Tue Jul 08 21:28:10 2008

Owen DeLong wrote:

The tool, unfortunately, only goes after the server it thinks you are
 using to recurse from the client where you're running your browser.

This makes it hard to test servers being used in production
environments without GUIs. The tool is not Lynx compatible.

Figures. It's becoming a pointy-clicky world. I don't like it much, either.


On Jul 8, 2008, at 5:12 PM, Lynda wrote:

This is also being covered over on the Defcon Forums. Jeff Moss has said that he'll post the link to the interview that Kaminsky is doing right now, after it's over.

Here's the direct link, for the curious:


Audio of Dan's press interview:

https://media.blackhat.com/webinars/...conference.mp3

I'll see whether someone can pry the code loose from Dan, rather than having it hidden under a button. As Christian Koch said, the tool isn't really directed at NANOG folk. I'm sure that it could be modified so that it was. I note that BIND has been updated on all your favorite operating systems, which should help some. Still, the updates just barely happened, and then the announcement hit.

--
In April 1951, Galaxy published C.M. Kornbluth's "The Marching Morons".
The intervening years have proven Kornbluth right.
                --Valdis Kletnieks