nanog mailing list archives
Re: DNS cache poisoning attacks -- are they real?
From: Alex Bligh <alex () alex org uk>
Date: Sat, 26 Mar 2005 22:36:05 +0000
--On 26 March 2005 23:23 +0100 Florian Weimer <fw () deneb enyo de> wrote:
> Should we monitor for evidence of hijacks (unofficial NS and SOA records are good indicators)? Should we actively scan for authoritative name servers which return unofficial data?

And what if you find them? I seem to remember a uu.net server (from memory ns.uu.net) many many years ago had some polluted data out there as an A record. All bright and bushy-tailed I told the UUnet folks about this. They were resigned. Someone, somewhere, had mistyped an IP address, and it had got into everyone's glue, got republished by anyone and everyone, and in essence had no chance of going away.

Now I understand (a little) more about DNS than I did at the time so I now (just about) know how DNS servers should avoid returning such info (where they are both caching and authoritative), but I equally know this is built upon the principle no-one does anything actively malicious.

The only way you are going to prevent packet level (as opposed to organization level) DNS hijack is get DNSSEC deployed. Your ietf list is over ------> there.

Alex