[Cryptography] DNS subverted to spy on N Korea

Tom Mitchell mitch at niftyegg.com
Thu Jan 22 02:52:59 EST 2015

On Mon, Jan 19, 2015 at 7:19 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> FYI -- If DNS is this easy to hack, we're all in big trouble; DNS needs to
> be secured ASAP.
> "NSA secretly hijacked existing malware to spy on N. Korea, others"

"This in turn tells me two things: no one can assume that a zero-day
exploit that's been used is not known by other actors who have similar
collection capabilities, and we need DNSSEC to protect ourselves from
fraudulent DNS results."


I am curious what has been done and what can be done with the existing DNS.
I am curious what games routers can play as well.

At first glance I would cache previous DNS answers and compare and contrast
TTL values and answers as they change over time from multiple DNS servers.

It is troubling to think that I could reach out to an IP address and be
routed to a different hostile machine by a compromised router. This could
foil an answer from a secure DNS. These all demand additional authentication
and communication that is durable enough to suffer MITM games as well.

One obvious solution context is corporate communication where both ends are
by a single entity. The next is trusted neighbors.... Both need a
"trust but verify".

  T o m    M i t c h e l l
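The idea floated above, caching earlier DNS answers and comparing answers and TTLs over time and across several resolvers, can be turned into a small consistency checker. The following is an added example, not code from the original post or its author; the resolver names, hostnames, addresses, TTLs and the clock are constructed sample data, and the three anomaly rules (cross-resolver disagreement, an answer changing before its previous TTL expired, and a TTL far below the historical minimum) are assumptions about what a defender would want flagged.

```python
"""Cross-resolver DNS answer consistency check (added example).

Simulates caching answers from several resolvers and comparing answers
and TTLs over time. All data here is constructed; nothing is queried.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Observation:
    """One answer for a name as returned by one resolver at time t (seconds)."""
    t: int
    resolver: str
    addrs: frozenset   # set of A-record addresses in the answer
    ttl: int


@dataclass
class DnsHistory:
    """Cache of past answers keyed by hostname, with simple anomaly rules."""
    cache: dict = field(default_factory=lambda: defaultdict(list))

    def record(self, name, obs):
        """Store an observation and return a list of alert strings (may be empty)."""
        alerts = []
        history = self.cache[name]

        # Rule 1: resolvers queried in the same round disagree on the answer.
        for other in history:
            if other.t == obs.t and other.resolver != obs.resolver and other.addrs != obs.addrs:
                alerts.append(f"{name}: {obs.resolver} answered {sorted(obs.addrs)} "
                              f"but {other.resolver} answered {sorted(other.addrs)}")

        # Rule 2: the same resolver changed its answer before its old TTL ran out.
        prev = [o for o in history if o.resolver == obs.resolver]
        if prev:
            last = prev[-1]
            if last.addrs != obs.addrs and obs.t < last.t + last.ttl:
                alerts.append(f"{name}: {obs.resolver} changed answer "
                              f"{last.t + last.ttl - obs.t}s before previous TTL expired")

        # Rule 3: TTL is an order of magnitude below what the name historically carried.
        ttls = [o.ttl for o in history]
        if ttls and obs.ttl * 10 < min(ttls):
            alerts.append(f"{name}: TTL {obs.ttl} from {obs.resolver} is far below "
                          f"historical minimum {min(ttls)}")

        history.append(obs)
        return alerts


def run_sample():
    """Feed constructed observations through the checker; returns all alerts."""
    h = DnsHistory()
    name = "example.test"   # constructed hostname
    rounds = [
        # t=0: both resolvers agree, long TTL
        Observation(0, "resolver-a", frozenset({"192.0.2.10"}), 3600),
        Observation(0, "resolver-b", frozenset({"192.0.2.10"}), 3600),
        # t=600: resolver-b suddenly returns a different address with a tiny TTL
        Observation(600, "resolver-a", frozenset({"192.0.2.10"}), 3600),
        Observation(600, "resolver-b", frozenset({"198.51.100.7"}), 60),
    ]
    alerts = []
    for obs in rounds:
        alerts.extend(h.record(name, obs))
    return alerts


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

In this sample the first three observations raise nothing; the fourth trips all three rules at once, which is the kind of signal a cache-and-compare approach gives without any change to the DNS protocol itself. It does not authenticate the answer, so it complements rather than replaces DNSSEC.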