Kaminsky finds DNS exploit
Florian Weimer
fw at deneb.enyo.de
Sun Jul 13 14:50:37 EDT 2008
* Jack Lloyd:

> Perhaps there is something subtle here that is more dangerous than the
> well known problems, and all these source port randomization and
> transaction id randomization fixes are just a smokescreen of sorts for
> a fix for something Dan found.

It's not a smokescreen, it's a statistical workaround.
CERT/CC mentions this:

| It is important to note that without changes to the DNS protocol, such
| as those that the DNS Security Extensions (DNSSEC) introduce, these
| mitigations cannot completely prevent cache poisoning.

<http://www.kb.cert.org/vuls/id/800113>

> A statement from the MaraDNS author [3]:
>
> """
> MaraDNS is immune to the new cache poisoning attack.

I think the CERT/CC statement is more appropriate.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com