Author | Content |
---|---|
pat Jul 10, 2008 2:43 AM EDT |
http://www.doxpara.com/?p=1162 Quoting: "DJB was right. All those years ago, Dan J. Bernstein was right: Source Port Randomization should be standard on every name server in production use." |
gus3 Jul 10, 2008 7:31 AM EDT |
And why just the name servers? |
tuxchick Jul 10, 2008 3:28 PM EDT |
I've been reading everything I can on this, and I still don't get it - how is this different from plain-vanilla cache poisoning? Sure, DJB was a bit prescient in using port randomization, but how does that do anything more than slow down a determined attacker? The whole DNS system still operates on a foundation of trusting almost everyone. |
jezuch Jul 10, 2008 10:11 PM EDT |
Quoting: "how is this different from plain-vanilla cache poisoning?" It's another way to do cache poisoning. I mean, poisoning is the effect, not the essence :) Quoting: "The whole DNS system still operates on a foundation of trusting almost everyone." Yes, that's very unfortunate, because otherwise it's a very nice system. I heard of attempts to establish a cryptographic chain of trust in DNS, but they didn't get far (for the same reason IPv6 is still not widely deployed). |