nanog mailing list archives
Re: how to protect name servers against cache corruption
From: tqbf () smtp enteract com
Date: 30 Jul 1997 00:02:07 -0000
In article <199707222024.NAA14009 () wisdom rc vix com>, you wrote:
a BIND 4.9.6 or 8.1.1 server is immune. so, you could upgrade. to so do, see http://www.isc.org/isc/ which will lead you to ftp://ftp.isc.org/isc/. (the root name servers are all running modern software at this point.)
Immune to which attack? The poisoned resource-record attack? The ID guessing attack? How have you confirmed that 8.1.1 is not vulnerable to related attacks? Since, as you say, this has an "operations" context (the integrity of the Internet domain service in realistic danger), it might be appropriate and appreciated for you to detail the steps you and the ISC have taken to resolve these problems in BIND 8.1.1. Does 8.1.1 validate resource records? Does it use random query IDs? My understanding of Kashpureff's attack was that it was of minimal complexity (specifically, that he ripped off some kid's cname-bouncing script). I am therefore concerned at what appears to be the use of his apparently unsophisticated attack as a metric for the security of BIND 8.1.1. Thanks for reading this, and for your time! -- ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com] ---------------- exit(main(kfp->kargc, argv, environ));
Current thread:
- how to protect name servers against cache corruption Paul A Vixie (Jul 22)
- Re: how to protect name servers against cache corruption Robert Bowman (Jul 22)
- Re: how to protect name servers against cache corruption Michael Dillon (Jul 22)
- Re: how to protect name servers against cache corruption Deepak Jain (Jul 22)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 22)
- Re: how to protect name servers against cache corruption Juergen Georgi (Jul 22)
- Re: how to protect name servers against cache corruption Karl Denninger (Jul 22)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)