Full Disclosure mailing list archives
Re: DNS spoofing issue. Thoughts on
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Sat, 26 Jul 2008 17:10:58 -0500
--On Saturday, July 26, 2008 8:34 PM +0100 imipak <imipak () gmail com> wrote:
The attack isn't "impossible", it's more like "1% chance *per hour* that your IDS doesn't notice and stop the attempts". Big difference...
The information that I have says it's statistically impossible *if* you are patched.
It's not statistically impossible; it just takes 2^16 times longer. And as Joe Greco observed on NANOG:
But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is not a significant jump from the PoV of an attacker would certainly have factored into my decision-making process.
How shall I put this? If you don't notice a dns cache poisoning attack for 8.21 days, you *deserve* to have your cache poisoned. (Not that anyone ever deserves to be hacked, but there *is* such a thing as criminal negligence.)
Paul Schmehl
As if it wasn't already obvious, my opinions are my own and not those of my employer.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/