nanog mailing list archives
Re: Multiple DNS implementations vulnerable to cache poisoning
From: Sean Donelan <sean () donelan com>
Date: Wed, 9 Jul 2008 13:55:52 -0400 (EDT)
On Wed, 9 Jul 2008, Steven M. Bellovin wrote:
How many ISPs run DNS servers for customers? Start by signing those zones -- that has to be done in any event. Set up caching resolvers to verify signatures. "It is not your part to finish the task, yet you are not free to desist from it." (From the Talmud, circa 130.) No, I didn't say it would be easy, but if we don't start we're not going to get anywhere.
Are these the same ISPs that haven't started implementing other anti-spoofing controls like BCP38++? What is the estimated completion date to stop all spoofed IP packets, included but only DNS spoofing?
Current thread:
- Re: Multiple DNS implementations vulnerable to cache poisoning, (continued)
- Re: Multiple DNS implementations vulnerable to cache poisoning Joe Greco (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Lynda (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jeffrey Ollie (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Steven M. Bellovin (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Christopher Morrow (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Steven M. Bellovin (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Christopher Morrow (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Steven M. Bellovin (Jul 09)
- RE: Multiple DNS implementations vulnerable to cache poisoning Martin Hannigan (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Sean Donelan (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Christopher Morrow (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Joe Abley (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning David Conrad (Jul 09)
- RE: Multiple DNS implementations vulnerable to cache poisoning michael.dillon (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning David Conrad (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Leo Bicknell (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning Randy Bush (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning David Conrad (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Randy Bush (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning David Conrad (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Randy Bush (Jul 09)