Interesting People mailing list archives
more on Big holes in net's heart revealed
From: David Farber <dave () farber net>
Date: Mon, 1 May 2006 07:21:50 -0400
Begin forwarded message: From: Jaap Akkerhuis <jaap () NLnetLabs nl> Date: May 1, 2006 6:17:47 AM EDT To: Carl Malamud <carl () media org> Cc: dave () farber net Subject: Re: [IP] Big holes in net's heart revealed Being in the talk I might to comment that it was all more a sales talk for a Distributed Hash Table based alternative (which has it's own problems). There was a lot of FUD presented.
Hi Dave - Here is their paper in case anybody wants to read the details: http://www.cs.cornell.edu/People/egs/papers/dnssurvey.pdf A simple takeaway ... upgrade your nameserver. There is no excuse to be running 5-year old versions of software on a machine that provides critical infrastructure. CarlSomething "well known" but not advertised till now. djf
It is advertised all the time in various place. Warnings about outdated software gets ignored all the time. Surveys have been done showing how many broken servers are still in production, but nobody seems to listen, especially people running those servers. To Quote Mans Nilsson from the RIPE dns-wg mailing list:"Yes, we know. Emin's work points out some of the far-gone consequences
of not paying attention. We are, however pretty convinced that: 1. The mentioned examples are extremes. Most of the namespace is in considerably better order. 2. DNS has historically been a neglected part of the qualitycontrol most web site operators perform. It simply is so redundant
and ubiquitous that it not is seen as a critical part. 3. The ultimate fix for this is DNSSEC." Emin said that DNSSEC wouldn't help. And there are of course different styles of what is correct. The zone farber.net has small problems depending who you ask (http://www.zonecheck.fr/demo/ or http://dnsreport.com/). None of these test tell you that the servers for this domain can be abused for a dns amplification attacks (recursion enabled). jaap ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Big holes in net's heart revealed David Farber (May 01)