North American Network Operators Group


Re: Exploit for DNS Cache Poisoning - RELEASED

  • From: Steven M. Bellovin
  • Date: Thu Jul 24 10:44:27 2008

On Thu, 24 Jul 2008 09:10:13 -0500
"Jorge Amodio" <[email protected]> wrote:

> >
> > Sure, I can empathize, to a certain extent. But this issue has
> > been known for 2+ weeks now.
> >
> 
> Well, we knew about the DNS issues since a long time ago (20+ yrs
> perhaps?), so the issue is not new, just the exploit is easier to
> put together and chances for it to succeed are much higher.
> 
This is important.  Kaminsky took a known concept and did the hard
engineering work to make it feasible.  To slightly misuse a quote
that's more often applied to crypto, "amateurs worry about algorithms;
pros worry about economics".  The economics of the attack have now
changed.  (And we need to get DNSSEC deployed before they change even
further.)


		--Steve Bellovin, http://www.cs.columbia.edu/~smb