oss-sec mailing list archives

Re: DNS vulnerability: other relevant software

From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 13 Jul 2008 20:51:10 +0200

* Bernhard R. Link:

if there are many queries, I think attacking only gets harder, because
guessing the order of requests gets harder to predict, adding more
variables.


Right.

I'm also looking forward to this. I was under the impression that is was
common knowledg that dns is simply insecure, everyone trusting on it is
insane, and security issues meaning it is easier to hijack than it
should be (like dns servers accepting answers for things they never
asked for and things like that).


Online banking security mainly relies on the integrity of DNS and
routing.  (Bert's DNS forgery resilience draft actually covers this, and
I think he's right.)

Current thread:

DNS vulnerability: other relevant software Matthias Geerdsen (Jul 09)
- Re: DNS vulnerability: other relevant software The Fungi (Jul 09)
  - Re: DNS vulnerability: other relevant software Mark J Cox (Jul 09)
    - Re: DNS vulnerability: other relevant software Florian Weimer (Jul 09)
    - Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)
    - Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)
    - Re: DNS vulnerability: other relevant software Eugene Teo (Jul 10)
    - Re: DNS vulnerability: other relevant software Nathanael Hoyle (Jul 10)
    - Re: DNS vulnerability: other relevant software Bernhard R. Link (Jul 11)
    - Re: DNS vulnerability: other relevant software Nathanael Hoyle (Jul 11)
    - Re: DNS vulnerability: other relevant software Florian Weimer (Jul 13)
    - Re: DNS vulnerability: other relevant software Florian Weimer (Jul 12)
    - Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)
- Re: DNS vulnerability: other relevant software Robert Buchholz (Jul 09)
- Re: DNS vulnerability: other relevant software Thomas Biege (Jul 10)