nanog mailing list archives

Re: Exploit for DNS Cache Poisoning - RELEASED


From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Thu, 24 Jul 2008 10:43:14 -0400

On Thu, 24 Jul 2008 09:10:13 -0500
"Jorge Amodio" <jmamodio () gmail com> wrote:


> > Sure, I can empathize, to a certain extent. But this issue has
> > been known for 2+ weeks now.
>
> Well, we knew about the DNS issues since a long time ago (20+ yrs
> perhaps?), so the issue is not new, just the exploit is easier to
> put together and chances for it to succeed are much higher.

This is important.  Kaminsky took a known concept and did the hard
engineering work to make it feasible.  To slightly misuse a quote
that's more often applied to crypto, "amateurs worry about algorithms;
pros worry about economics".  The economics of the attack have now
changed.  (And we need to get DNSSEC deployed before they change even
further.)


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

