Educause Security Discussion mailing list archives

Re: DNSSEC Deployment

From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Mon, 17 May 2010 16:49:50 -0700

On 05/17/10 14:24, John Kristoff wrote:

On Mon, 17 May 2010 17:06:00 -0400
Jason Frisvold<frisvolj () LAFAYETTE EDU>  wrote:

-- ATT Austin Texas
    http://www.pcworld.com/businesscenter/article/149126/dns_attack_wri
    ter_a_victim_of_his_own_creation.html (URL split due to length)

-- Brasilian Banks
    http://www.theregister.co.uk/2009/04/22/bandesco_cache_poisoning_attack/

-- China Netcom
    http://securitylabs.websense.com/content/Alerts/3163.aspx


While all three of these appear to have occurred *after* the Kaminsky
vulnerability was released, there doesn't seem to be any indication as
to whether these systems were patched.


Nor any conclusive evidence that any of these were as a result of the
Kaminsky style attack.   In fact, I recall the South American one for
sure was not.


Can you make the argument that they would not have been prevented had
DNSSEC been deployed?

Current thread:

Re: DNSSEC Deployment, (continued)
- Re: DNSSEC Deployment Michael Sinatra (May 17)
- Re: DNSSEC Deployment Joe St Sauver (May 17)
- Re: DNSSEC Deployment Michael Sinatra (May 17)
- Re: DNSSEC Deployment John Kristoff (May 17)
- Re: DNSSEC Deployment Jason Frisvold (May 17)
- Re: DNSSEC Deployment Jason Frisvold (May 17)
- Re: DNSSEC Deployment Bruce Curtis (May 17)
- Re: DNSSEC Deployment John Kristoff (May 17)
- Re: DNSSEC Deployment Michael Sinatra (May 17)
- Re: DNSSEC Deployment John Ladwig (May 17)
- Re: DNSSEC Deployment Michael Sinatra (May 17)