[Cryptography] DNS subverted to spy on N Korea
Tom Mitchell
mitch at niftyegg.com
Thu Jan 22 02:52:59 EST 2015
On Mon, Jan 19, 2015 at 7:19 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> FYI -- If DNS is this easy to hack, we're all in big trouble; DNS needs to
> be secured ASAP.
>
> "NSA secretly hijacked existing malware to spy on N. Korea, others"
.....
"This in turn tells me two things: no one can assume that a zero-day
exploit that's been used is not known by other actors who have similar
collection capabilities, and we need DNSSEC to protect ourselves from
fraudulent DNS results."
Yes.
I am curious what has been done and what can be done with the existing DNS infrastructure.
I am curious what games routers can play as well.
At first glance I would cache previous DNS answers and compare and contrast TTL values and answers as they change over time from multiple DNS servers.
It is troubling to think that I could reach out to an IP address and be routed to a different hostile machine by a compromised router. This could foil an answer from a secure DNS server.
These all demand additional authentication and communication that is durable enough to suffer MITM games as well.
One obvious solution context is corporate communication where both ends are owned by a single entity. The next is trusted neighbors.... Both need a "trust but verify" protocol.
--
T o m M i t c h e l l
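
The answer-caching comparison suggested in the message above, sketched as an added example that is not part of the original post. The class name, alert tags, resolver labels and sample observations are all constructed for illustration, and the three checks are heuristics: round-robin and CDN answers are tolerated only when the address sets overlap.

```python
from collections import defaultdict

class DnsAnswerMonitor:
    """Cache DNS answers per resolver and flag changes worth a second look."""

    def __init__(self):
        self.cache = defaultdict(dict)   # name -> {resolver: (answers, expiry)}
        self.max_ttl = {}                # name -> largest TTL seen so far

    def observe(self, now, resolver, name, answers, ttl):
        """Record one response and return a sorted list of alert tags."""
        answers = frozenset(answers)
        alerts = set()
        seen = self.cache[name]

        # 1. Same resolver, different answer, while the old record was still live.
        if resolver in seen:
            old_answers, old_expiry = seen[resolver]
            if now < old_expiry and answers.isdisjoint(old_answers):
                alerts.add("changed-before-expiry")

        # 2. Another resolver holds a live answer sharing no address with this one.
        for other, (ans, exp) in seen.items():
            if other != resolver and now < exp and answers.isdisjoint(ans):
                alerts.add("resolver-disagreement")

        # 3. TTL above anything seen before: cached TTLs normally only count down.
        if name in self.max_ttl and ttl > self.max_ttl[name]:
            alerts.add("ttl-above-baseline")
        self.max_ttl[name] = max(ttl, self.max_ttl.get(name, 0))

        seen[resolver] = (answers, now + ttl)
        return sorted(alerts)

# Constructed observations (seconds, resolver, name, answers, TTL); RFC 5737 addresses.
SAMPLE = [
    (0,   "resolver-a", "www.example.com", {"192.0.2.10"}, 3600),
    (5,   "resolver-b", "www.example.com", {"192.0.2.10"}, 3590),
    (600, "resolver-a", "www.example.com", {"192.0.2.10"}, 3000),
    (900, "resolver-b", "www.example.com", {"203.0.113.66"}, 86400),
]

def run_sample():
    monitor = DnsAnswerMonitor()
    return [monitor.observe(*obs) for obs in SAMPLE]

if __name__ == "__main__":
    for obs, alerts in zip(SAMPLE, run_sample()):
        print(obs[0], obs[1], sorted(obs[3]), alerts or "ok")
```

As the message notes, agreement among resolvers says nothing about where packets to the returned address are actually routed, so a check like this covers only the DNS half of the problem.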