[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
From: Paul Schmehl <pschmehl_lists@xxxxxxxxx>
Date: Tue, 15 Jul 2008 10:47:28 -0500

--On Tuesday, July 15, 2008 09:14:39 +1000 Mark Andrews <Mark_Andrews@xxxxxxx> 
wrote:
>
>       And the best solution to this attack is to deploy DNSSEC.
>       You don't care where the response comes from provide the
>       signatures are good.
>

Except that DNSSEC is going to have to improve dramatically to achieve 
widespread adoption.  Right now it's a PITA to understand and implement and 
then 30 days later you have to do it all over again.  Frankly, it's not worth 
the effort until the technology improves enough to make it easier to implement 
and maintain.

I know you don't want to hear that, but that's the truth.

-- 
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: Mark Andrews
- Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: Robert Holgstad

References:
- Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: Mark Andrews

Prev by Date: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Next by Date: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Previous by thread: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Next by thread: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Index(es):
- Date
- Thread