nanog mailing list archives

Re: how to protect name servers against cache corruption

From: Michael Dillon <michael () priori net>
Date: Thu, 31 Jul 1997 11:05:11 -0700

I don't propose to "make sure" that only good guys know, I just suggest
that it is better to not spread the info publicly when you don't know who
is listening in. Why make the bad guys job easier?

The bad guys already know.  They're often the ones who discover the
problems in the first place and even if they aren't you can be sure
they'll find out once the "experts" do.


I know. The smart bad guys almost always find these holes before the good
guys. But there are lots of not-so-smart bad guys and these folks are far
more likely to actually use their knowledge maliciously. These people are
not neccessarily plugged in to the same channels of info as the smart bad
guys and these not-so-smart folks are the ones that we can slow down by
being more discreet about what we discuss in public.

 All that happens when people
try and restrict information about incidents is that the number of
people focusing on the solution is reduced, often drasically to below
the critical mass necessary to solve the problem once and for all.


My experience is that it only takes one or two smart people to solve this
kind of problem. And I strongly doubt that those people will be on this
list since they are much more likely to be on lists that discuss
theoretical issues.

However this group in particular should be making wide and frequent use
of this list and others like it to notify each other (and the experts)
of things they should be looking out for and precautions that should be
taken.


The experts can be notified in private rather than by shotgunning various
public mailing lists. This list is better used for practical actions that
people can take today.



********************************************************
Michael Dillon                    voice: +1-415-482-2840
Senior Systems Architect            fax: +1-415-482-2844
PRIORI NETWORKS, INC.              http://www.priori.net

"The People You Know.  The People You Trust."
********************************************************

Current thread:

Re: how to protect name servers against cache corruption, (continued)
- - - Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
    - Re: how to protect name servers against cache corruption Randy Bush (Aug 02)
    - Re: how to protect name servers against cache corruption Paul A Vixie (Aug 02)
  - Re: how to protect name servers against cache corruption Robert T. Nelson (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
  - Re: how to protect name servers against cache corruption Gary E. Miller (Aug 02)
  - Re: how to protect name servers against cache corruption Aleph One (Aug 02)
    - Re: how to protect name servers against cache corruption Paul A Vixie (Aug 02)
    - Re: how to protect name servers against cache corruption Aleph One (Aug 02)
  - Re: how to protect name servers against cache corruption Greg A. Woods (Aug 02)
    - Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)