Bugtraq mailing list archives
Re: glibc resolver weakness
From: djb () CR YP TO (D. J. Bernstein)
Date: Sun, 7 May 2000 02:17:43 -0000
Steven M. Bellovin writes:
[ random ID to make blind DNS packet forgery more difficult ]
> 16 bits was far too small to do it right,

Unpredictable IDs and port numbers make large-scale blind forgeries vastly more expensive. That's more than DNSSEC has ever accomplished. See http://cr.yp.to/dnscache/forgery.html for further comments.

> http://www.research.att.com/~smb/papers/dnshack.ps

Cache poisoning is a solved problem. A modern DNS cache simply discards records outside the server's bailiwick.

---Dan
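
The bailiwick rule mentioned in the message above, as an added example that is not part of the original post and not code from any DNS cache: records whose owner name lies outside the zone the queried server answers for are discarded. The `Record` type, the function names and the sample response are assumptions constructed for illustration.

```python
# Added example: bailiwick filtering of the records in one DNS response.
# Zones, names and addresses are constructed (documentation ranges).
from typing import NamedTuple


class Record(NamedTuple):
    owner: str   # owner name of the resource record
    rtype: str   # record type, e.g. "A" or "NS"
    rdata: str


def normalize(name: str) -> tuple:
    """Lower-case a domain name and split it into labels; the root is ()."""
    name = name.rstrip(".").lower()
    return tuple(name.split(".")) if name else ()


def in_bailiwick(owner: str, bailiwick: str) -> bool:
    """True if owner is the bailiwick zone itself or a subdomain of it.

    The comparison is per label, not per character, so
    "evilexample.com" is not treated as inside "example.com".
    """
    o, b = normalize(owner), normalize(bailiwick)
    return len(o) >= len(b) and (len(b) == 0 or o[-len(b):] == b)


def filter_response(records, bailiwick):
    """Split records into (kept, discarded) according to the bailiwick."""
    kept, discarded = [], []
    for rr in records:
        (kept if in_bailiwick(rr.owner, bailiwick) else discarded).append(rr)
    return kept, discarded


# Constructed response from a server that was asked about "example.com".
SAMPLE = [
    Record("www.example.com.", "A", "192.0.2.10"),
    Record("example.com.", "NS", "ns1.example.com."),
    Record("ns1.example.com.", "A", "192.0.2.53"),
    Record("www.example.net.", "A", "203.0.113.66"),   # unrelated zone
    Record("evilexample.com.", "A", "203.0.113.67"),   # shares a string suffix only
    Record("com.", "NS", "ns.elsewhere.example."),     # parent of the bailiwick
]

if __name__ == "__main__":
    kept, discarded = filter_response(SAMPLE, "example.com")
    for rr in kept:
        print("keep   ", rr)
    for rr in discarded:
        print("discard", rr)
```
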