North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Exploit for DNS Cache Poisoning - RELEASED
On Thu, 24 Jul 2008, Paul Ferguson wrote: finally deployment.Let's hope some very large service providers get their act together real soon now.
Several of the ISPs with complex DNS clusters are patching and upgrading them; however the current state of some of the patches wouldn't support the query load those providers normally experience. So they've been working on alternative mitigation strategies. However, its difficult to now if the alternative strategies actually mitigate the actual threat without knowing the actual threat. And finally, there probably are some providers who haven't made plans to change their DNS. Unfortunately, the testing tools can't read minds (yet), so its difficult to know which ISPs are in this category.
|