nanog mailing list archives
Re: how to protect name servers against cache corruption
From: Paul A Vixie <vixie () vix com>
Date: Wed, 30 Jul 1997 11:09:24 -0700
someone asked me a question in private e-mail that deserves a public answer.
1) How exactly did Eugene Kashpureff propagate this "RR poisoning" across the Internet? From NANOG's previous mailings I can deduce that it was along the lines of dig @victim -t ns www.alternic.net. Where www.alternic.net had duff A records.
yes.
2) What were/are the symptoms of this attack? www.internic.net resolving to www.alternic.net?
yes.
3) If it was that easy to do, why hasn't it happened again?
because that particular attack only works if you are willing to get caught. since eugene did this as a publicity stunt (which, i understand, has now begun to backfire on him since his victims didn't interpret it that way), he _needed_ to be caught.
3a) What measures were taken (other than discussion of DNSSEC, or lack of it) to 'cure' affected servers?
upgrade to bind-4.9.6 or bind-8.1.1.
4) How can I check for cache corruption?
"dig @0 www.netsol.com a" and "dig @cache00.ns.uu.net www.netsol.com a" and check for differences.
Apologies if any of the above sound moronic or ill-informed; extracting facts from reams of "what is a backhoe" mail list is a painfully slow task. Time for some filters I think...
no apologia needed. public explanations of this attack have been poor, even and especially by me. i'm grateful for the opportunity to improve on that.
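The check from answer 4 as a script; this is an added example, not part of the original message. It compares record sets rather than raw dig output, because TTLs and record order legitimately differ between caches. The function names and the sample records (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Reduce dig "+noall +answer" lines (owner TTL class type rdata) to a sorted
# set. The TTL is dropped: a cache counts it down, so it legitimately differs.
# Sorting removes round-robin ordering differences.
normalize() {
    awk '!/^;/ && NF >= 5 { print tolower($1), $3, $4, tolower($5) }' | sort -u
}

# compare_answers LOCAL_FILE REFERENCE_FILE
# 0 = same record set, 1 = sets differ (prints each side's extras),
# 2 = one side returned no records, so nothing can be concluded.
compare_answers() {
    tmp=$(mktemp -d) || return 2
    normalize < "$1" > "$tmp/local"
    normalize < "$2" > "$tmp/ref"
    rc=0
    if [ ! -s "$tmp/local" ] || [ ! -s "$tmp/ref" ]; then
        rc=2
    elif ! cmp -s "$tmp/local" "$tmp/ref"; then
        rc=1
        comm -23 "$tmp/local" "$tmp/ref" | sed 's/^/only local:     /'
        comm -13 "$tmp/local" "$tmp/ref" | sed 's/^/only reference: /'
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Live use: check_name NAME LOCAL_SERVER REFERENCE_SERVER (needs dig).
check_name() {
    d=$(mktemp -d) || return 2
    dig "@$2" "$1" a +noall +answer > "$d/l" || :
    dig "@$3" "$1" a +noall +answer > "$d/r" || :
    st=0; compare_answers "$d/l" "$d/r" || st=$?
    rm -rf "$d"
    return "$st"
}

# Constructed sample answers (documentation addresses, not real captures).
sample_reference() {
    printf '%s\n' 'www.example.com. 86400 IN A 192.0.2.10' \
                  'www.example.com. 86400 IN A 192.0.2.11'
}
sample_reordered() {   # same set, lower TTL, different order and case
    printf '%s\n' 'WWW.example.com. 512 IN A 192.0.2.11' \
                  'www.example.com. 512 IN A 192.0.2.10'
}
sample_poisoned() { printf '%s\n' 'www.example.com. 300 IN A 198.51.100.66'; }
```

After sourcing the file, `check_name NAME LOCAL_SERVER REFERENCE_SERVER` runs the two dig queries and compares them. A status of 1 means the caches disagree and the name deserves a closer look; names that are deliberately served with different answers per resolver will also return 1.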