nanog mailing list archives
Re: how to protect name servers against cache corruption
From: "Thomas H. Ptacek" <tqbf () enteract com>
Date: Tue, 29 Jul 1997 21:51:23 -0500 (CDT)
Sure, smart guy. And there are also issues with IP packets which are passed across untrusted nodes in the Internet. What exactly is your point?
Why are you asking me questions after having placed me in your killfile? To answer your question briefly: there are fixes for both the poisoned-RR problem (extensive validity checking and non-caching cut-through responses), as explained by Johannes Erdfelt, and there are fixes for the guessable-ID problem (randomized query IDs backed up by server-survival assurances using "cookie" queries, along with a attack detection mechanism that reduces the entire problem to a denial-of-service attack). Neither of these involve DNSSEC. You are being told that the Internet is essentially broken until DNSSEC is implemented. Some people feel this is not the case. I am one of them. You have my apologies if my means of expressing this seem unacceptable to you. Thanks for taking the time to write! ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com] ---------------- "If you're so special, why aren't you dead?"
Current thread:
- Re: how to protect name servers against cache corruption, (continued)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- off-topic (Re: how to protect name servers against cache corruption ) Paul A Vixie (Jul 29)
- Re: off-topic (Re: how to protect name servers against cache corruption ) Larry Vaden (Jul 29)
- Re: off-topic (Re: how to protect name servers against cache corruption ) Ben Black (Jul 30)
- Re: how to protect name servers against cache corruption Lon R. Stockton, Jr. (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Paul Ferguson (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Jay R. Ashworth (Jul 30)
- Re: how to protect name servers against cache corruption Randy Bush (Jul 29)
- Re: how to protect name servers against cache corruption Systems Engineer (Jul 30)
- Message not available
- Re: how to protect name servers against cache corruption Jay R. Ashworth (Jul 30)