![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: how to protect name servers against cache corruption
From: Christopher Masto <chris () netmonger net>
Date: Wed, 30 Jul 1997 00:12:46 -0400
On Tue, Jul 29, 1997 at 09:55:48PM -0500, Thomas H. Ptacek wrote:
What I am asserting to you is that there are variants on this attack which are not currently fixed by BIND 8.1.1. On a related note, there are things that can be done to strengthen DNS implementations (such as BIND) against these attacks that do not involve DNSSEC.
(This being still basically on-topic as it relates to the security of a critical component..) Would either you or Ben Black please give an example of a change that fits the characteristics you have described? I see a lot of "Yes it can. No it can't. Yes it can." but nobody has actually supplied any _details_. Paul has written papers on DNS security, along with BIND itself, and I'm inclined to believe him when he says there are no more trivial fixes. If you know of one, why don't you share it? I'm not asking for code, just a description of what you want changed. Then someone will either implement it or find that it is flawed. -- = Christopher Masto = chris () netmonger net = http://www.netmonger.net/ = = NetMonger Communications = finger for PGP key = $19.95/mo unlimited access = = Director of Operations = (516) 221-6664 = mailto:info () netmonger net = v---(cut here)---v -- yourname () some dumb host com "Keep in mind that anything Kibo says makes a great sig." -- Kibo ^---(cut here)---^
Current thread:
- Re: how to protect name servers against cache corruption, (continued)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Christopher Masto (Jul 29)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Jay R. Ashworth (Jul 30)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 30)
- Re: how to protect name servers against cache corruption tqbf (Jul 30)
- Re: how to protect name servers against cache corruption Deepak Jain (Jul 30)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 30)
- Message not available
- Re: how to protect name servers against cache corruption Jay R. Ashworth (Jul 30)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)