Educause Security Discussion mailing list archives

Re: DNSSEC Deployment


From: Jason Frisvold <frisvolj () LAFAYETTE EDU>
Date: Mon, 17 May 2010 17:06:00 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/17/2010 04:43 PM, Joe St Sauver wrote:
> Just to mention three examples:
>
> -- ATT Austin Texas
>    http://www.pcworld.com/businesscenter/article/149126/dns_attack_wri
>    ter_a_victim_of_his_own_creation.html (URL split due to length)
>
> -- Brazilian Banks
>    http://www.theregister.co.uk/2009/04/22/bandesco_cache_poisoning_attack/
>
> -- China Netcom
>    http://securitylabs.websense.com/content/Alerts/3163.aspx

While all three of these appear to have occurred *after* the Kaminsky
vulnerability was released, there doesn't seem to be any indication as
to whether these systems were patched.

Poisoning a cache that has been patched to randomize query IDs takes a
significant amount of time and generates a lot of traffic.  It is also
fairly easy to detect as I believe signatures exist for most of the
major IDS vendors.

> Regards,
>
> Joe


- --
- ---------------------------
Jason Frisvold
Network Engineer
frisvolj () lafayette edu
- ---------------------------
"What I cannot create, I do not understand"
   - Richard Feynman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvxr7gACgkQO80o6DJ8UvkI9gCfcXm2Uk3nHrQHplrBqtBwPo40
tAkAn38Qc8O3ySTVUDLVOwzYHqzWSN0X
=xOIH
-----END PGP SIGNATURE-----
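
Added example, not part of the original message and not any IDS vendor's signature: a minimal sketch of the kind of rate check that makes the traffic described above easy to spot, counting DNS replies that match no outstanding query per resolver and zone in a sliding window. The event format, the `matched` flag, the addresses and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def make_sample():
    """Constructed events: (epoch_seconds, resolver_ip, qname, matched).

    matched=False means the reply's transaction ID or destination port did
    not correspond to any query the resolver had outstanding (assumed to be
    provided by the sensor or resolver log).
    """
    events = [(1000.0 + i, "192.0.2.53", "www.example.edu", True) for i in range(5)]
    # Burst of mismatched replies for many names under one zone.
    events += [(1010.0 + i * 0.001, "192.0.2.53", f"r{i}.example.com", False)
               for i in range(3000)]
    # A lone stray reply, e.g. a late answer after a timeout.
    events += [(1020.0, "192.0.2.53", "mail.example.org", False)]
    return sorted(events)

def zone_of(qname):
    """Crude parent zone: the last two labels (assumption, no public-suffix handling)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def detect_floods(events, window=1.0, threshold=500):
    """Return sorted (resolver, zone) pairs that received more than
    `threshold` mismatched replies within any `window` seconds."""
    recent = defaultdict(deque)   # (resolver, zone) -> timestamps inside the window
    alerts = set()
    for ts, resolver, qname, matched in events:
        if matched:
            continue              # normal answers are not counted
        key = (resolver, zone_of(qname))
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) > threshold:
            alerts.add(key)
    return sorted(alerts)

if __name__ == "__main__":
    for resolver, zone in detect_floods(make_sample()):
        print(f"mismatched-reply flood at resolver {resolver} for zone {zone}")
```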
