nanog mailing list archives

Re: what if...?

From: Jared Mauch <jared () puck nether net>
Date: Tue, 20 Dec 2011 12:00:28 -0500


On Dec 20, 2011, at 11:37 AM, Eduardo A. Suárez wrote:

Hi,

what if evil guys hack my mom ISP DNS servers and use RPZ to redirect traffic from mom_bank.com to evil.com?

How can she detect this?


Thankfully mom_bank.com is not valid, as underscores aren't valid in dns names :)

Additionally, SSL certificates combined with DNSSEC/DANE can provide some protection.  Some of this technology may not 
be available today, but is worth tracking if you are interested in this topic.

- Jared

Current thread:

what if...? Eduardo A. Suárez (Dec 20)
- RE: what if...? Matlock, Kenneth L (Dec 20)
- Re: what if...? Valdis . Kletnieks (Dec 20)
  - Re: what if...? bmanning (Dec 20)
  - Message not available
    - Re: what if...? Valdis . Kletnieks (Dec 20)
    - Re: what if...? Michael Sinatra (Dec 20)
- Re: what if...? Jared Mauch (Dec 20)
  - Re: what if...? Christian de Larrinaga (Dec 20)
    - Re: what if...? Seth Mattinen (Dec 20)
    - Message not available
    - Re: what if...? Seth Mattinen (Dec 20)
- Re: what if...? Marshall Eubanks (Dec 20)
  - Re: what if...? Jeroen van Aart (Dec 22)
    - Re: what if...? Steven Bellovin (Dec 22)
- Re: what if...? Ken Gilmour (Dec 20)
- Re: what if...? Mark Andrews (Dec 20)