nanog mailing list archives

Re: how to protect name servers against cache corruption


From: "Thomas H. Ptacek" <tqbf () enteract com>
Date: Tue, 29 Jul 1997 21:51:23 -0500 (CDT)

Sure, smart guy. And there are also issues with IP packets
which are passed across untrusted nodes in the Internet.
What exactly is your point?

Why are you asking me questions after having placed me in your killfile?

To answer your question briefly: there are fixes for both the poisoned-RR
problem (extensive validity checking and non-caching cut-through
responses), as explained by Johannes Erdfelt, and there are fixes for the
guessable-ID problem (randomized query IDs backed up by server-survival
assurances using "cookie" queries, along with an attack detection mechanism
that reduces the entire problem to a denial-of-service attack). Neither of
these involves DNSSEC.

You are being told that the Internet is essentially broken until DNSSEC is
implemented. Some people feel this is not the case. I am one of them. You
have my apologies if my means of expressing this seem unacceptable to you.

Thanks for taking the time to write!

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com]
----------------
"If you're so special, why aren't you dead?"
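
An added example, not part of the original message and not code from any name server: a sketch of the randomized query ID plus attack detection idea mentioned above, where repeated wrong-ID replies cause the lookup to be abandoned uncached. The class name, the threshold of 3 and the sample addresses are assumptions made for illustration.

```python
import secrets
from collections import defaultdict

MISMATCH_LIMIT = 3  # assumed threshold, not taken from the message


class QueryTracker:
    """Outstanding-query table for a toy resolver (hypothetical design)."""

    def __init__(self):
        self.pending = {}                   # (server, qname) -> expected ID
        self.mismatches = defaultdict(int)  # (server, qname) -> wrong-ID replies
        self.rejected = set()               # lookups abandoned as under attack

    def send(self, server, qname):
        key = (server, qname)
        qid = secrets.randbelow(1 << 16)    # CSPRNG, not an incrementing counter
        self.pending[key] = qid
        self.mismatches[key] = 0
        self.rejected.discard(key)
        return qid

    def receive(self, server, qname, qid):
        """Classify one response as 'accept', 'drop' or 'attack'."""
        key = (server, qname)
        if key in self.rejected:
            return "attack"                 # late replies are not cached either
        if key not in self.pending:
            return "drop"                   # unsolicited response
        if qid == self.pending[key]:
            del self.pending[key]
            return "accept"
        self.mismatches[key] += 1
        if self.mismatches[key] < MISMATCH_LIMIT:
            return "drop"
        # Repeated wrong IDs look like guessing: abandon the lookup and cache
        # nothing, so the worst outcome is a failed lookup, not a poisoned cache.
        del self.pending[key]
        self.rejected.add(key)
        return "attack"


def demo():
    """Replay constructed responses: three wrong IDs, then the right one."""
    t = QueryTracker()
    qid = t.send("192.0.2.53", "www.example.com")
    wrong = [(qid + i) % 65536 for i in (1, 2, 3)]
    return [t.receive("192.0.2.53", "www.example.com", q) for q in wrong + [qid]]
```

Once a lookup is marked as under attack, even the genuine reply is discarded, which is the trade the message describes: a failed resolution instead of a corrupted cache.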



