nanog mailing list archives
re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
From: Paul Vixie <vixie () isc org>
Date: Thu, 24 Jul 2008 05:55:19 +0000
this is for whoever said "it's just a brute force attack" and/or "it's the same attack that's been described before". maybe it goes double if that person is also the one who said "my knowledge in this area is out of date". grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.

re:

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--- Begin Message ---
From: Paul Vixie <vixie () isc org>
Date: Tue, 22 Jul 2008 18:10:42 +0000
> > The difference is its use of additional RR records. The request is for some arbitrary sub domain like 12345.google.com, but your spoofed response also includes the record for www.google.com

> Which is also decades old and well known. So at best, it's a 'new' attack that is a combination of 2 well-known/documented ones. Maybe I am somewhat disappointed because I expected a second coming/something truly novel (please note that I'm not discounting the seriousness of the issue, just commenting on its apparent novelty)

downplay this all you want, we can infect a name server in 11 seconds now, which was never true before. i've been tracking this area since 1995. don't try to tell me, or anybody, that dan's work isn't absolutely groundbreaking.

i am sick and bloody tired of hearing from the people who aren't impressed. every time some blogger says "this isn't new", another five universities and ten fortune 500 companies and three ISPs all decide not to patch. that means we'll have to wait for them to be actively exploited before they will understand the nature of the emergency. perhaps dan's defcon talk will open some remaining eyes among those glued shut by the pride and prejudice of the minds behind them.

i am stunned, absolutely stunned, that there was a ready-to-go blog posting sitting in clear text on a network connected machine, written by tom ptacek who had whined about how the hacker community needed to be in the loop, waiting for the "publish" button to be hit "accidentally" by his wife. is this how the community rewards dan for trying to buy us all some time to protect the infrastructure? is this how the community plans to incentivize slow and careful disclosure of the next big flaw? we've exited another era in the disclosure debate, and not even dan knew it.
--- End Message ---