[Cryptography] DNS subverted to spy on N Korea

Tom Mitchell mitch at niftyegg.com
Thu Jan 22 02:52:59 EST 2015


On Mon, Jan 19, 2015 at 7:19 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> FYI -- If DNS is this easy to hack, we're all in big trouble; DNS needs to
> be secured ASAP.
>
> "NSA secretly hijacked existing malware to spy on N. Korea, others"

 .....
"This in turn tells me two things: no one can assume that a zero-day
exploit that's been used is not known by other actors who have similar
collection capabilities, and we need DNSSEC to protect ourselves from
fraudulent DNS results."


Yes.

I am curious what has been done and what can be done with the existing DNS
infrastructure.
I am curious what game routers can play as well.

At first glance I would cache previous DNS answers and compare and contrast TTL values and answers as they change over time from multiple DNS servers.

It is troubling to think that I could reach out to an IP address and be routed to a different hostile machine by a compromised router. This could foil an answer from a secure DNS server.

These all demand additional authentication and communication that is durable enough to suffer MITM games as well.

One obvious solution context is corporate communication where both ends are owned by a single entity. The next is trusted neighbors.... Both need a "trust but verify" protocol.






-- 
  T o m    M i t c h e l l
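An added example, not part of the thread: a small consistency check in the spirit of the "cache answers and compare TTLs across resolvers" idea above. The observations are constructed sample data, and the names `OBSERVATIONS`, `check_observations` and the resolver labels are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not real data): each is
# (resolver, seconds_since_start, name, A-record set, TTL as returned).
OBSERVATIONS = [
    ("resolver-a",   0, "example.test", frozenset({"192.0.2.10"}),  300),
    ("resolver-b",   0, "example.test", frozenset({"192.0.2.10"}),  300),
    ("resolver-a", 120, "example.test", frozenset({"192.0.2.10"}),  180),  # cached, TTL counting down
    ("resolver-b", 120, "example.test", frozenset({"203.0.113.7"}), 300),  # disagrees with resolver-a
    ("resolver-a", 200, "example.test", frozenset({"192.0.2.10"}),  300),  # TTL reset inside old window
]

def check_observations(observations):
    """Return sorted finding strings: cross-resolver disagreement and
    per-resolver answer/TTL changes. A finding is a prompt to look closer
    (DNSSEC validation, a direct query to the authoritative server), not
    proof of tampering: a legitimate record change also triggers it."""
    findings = []
    same_time = defaultdict(dict)   # (name, t) -> {resolver: rrset}
    last = {}                       # (resolver, name) -> (t, rrset, ttl)
    for resolver, t, name, rrset, ttl in observations:
        same_time[(name, t)][resolver] = rrset
        prev = last.get((resolver, name))
        if prev is not None:
            pt, prrset, pttl = prev
            remaining = pttl - (t - pt)     # lifetime left in that resolver's cache
            if rrset != prrset:
                findings.append(f"{name}@{resolver} t={t}: answer changed "
                                f"{sorted(prrset)} -> {sorted(rrset)}")
            elif remaining > 0 and ttl > remaining:
                # The same data still inside its cached lifetime should carry a
                # TTL <= remaining; a larger TTL means a fresh answer replaced it.
                findings.append(f"{name}@{resolver} t={t}: TTL {ttl} exceeds remaining {remaining}")
        last[(resolver, name)] = (t, rrset, ttl)
    for (name, t), answers in same_time.items():
        if len(set(answers.values())) > 1:
            who = ", ".join(f"{r}={sorted(a)}" for r, a in sorted(answers.items()))
            findings.append(f"{name} t={t}: resolvers disagree: {who}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in check_observations(OBSERVATIONS):
        print(finding)
```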