--On Saturday, July 26, 2008 8:34 PM +0100 imipak <imipak@xxxxxxxxx> wrote:
> The attack isn't "impossible", it's more like "1% chance *per hour* that your IDS doesn't notice and stop the attempts". Big difference...
>
>> The information that I have says it's statistically impossible *if* you are patched.
>
> It's not statistically impossible; it just takes 2^16 times longer. And as Joe Greco observed on NANOG:
>
>> But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is not a significant jump from the PoV of an attacker would certainly have factored into my decision-making process.
How shall I put this? If you don't notice a dns cache poisoning attack for 8.21 days, you *deserve* to have your cache poisoned. (Not that anyone ever deserves to be hacked, but there *is* such a thing as criminal negligence.)
Paul Schmehl
As if it wasn't already obvious, my opinions are my own and not those of my employer.
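A worked version of the numbers argued over above, added here as an illustration and not part of the post or of the thread. It reproduces the "11 seconds to 8.21 days" scaling under two assumptions of mine: the attacker's forged-response rate is calibrated from the 11 s figure, and a patched resolver draws from 64512 source ports (65536 minus the 1024 reserved ports, the figure quoted from NANOG). It then shows what an "expected time" does and does not promise, and runs the kind of unmatched-response count that would notice such a flood within seconds rather than days. The addresses, TXIDs and the one-second traffic window are constructed, not captured.

```python
"""Added example: what "11 seconds -> 8.21 days" means in practice, and the sort of
check that would notice such a flood long before eight days pass.

Not code from the post or the thread. Assumptions (mine): the attacker lands R forged
responses per second at the resolver; an unpatched resolver sends from a fixed source
port, so only the 16-bit TXID must be guessed; a patched resolver picks from 64512
source ports (65536 minus the 1024 reserved ports). Traffic below is constructed.
"""
import math
from collections import Counter

TXID_SPACE = 2 ** 16          # 16-bit DNS transaction ID
PORTS_UNPATCHED = 1           # fixed source port: only the TXID is unknown
PORTS_PATCHED = 65536 - 1024  # 64512 usable random source ports (assumed)


def expected_seconds_to_poison(spoof_rate, port_space, txid_space=TXID_SPACE):
    """Mean time until one forged response matches the outstanding (TXID, port).

    Each forged packet matches with probability 1/(txid_space * port_space), so
    the number of packets needed is geometric with mean txid_space * port_space.
    """
    return txid_space * port_space / spoof_rate


def success_probability(spoof_rate, port_space, seconds, txid_space=TXID_SPACE):
    """P(at least one match within `seconds`) = 1 - (1 - 1/S)^(R*t), via log1p."""
    space = txid_space * port_space
    return 1.0 - math.exp(spoof_rate * seconds * math.log1p(-1.0 / space))


def greco_comparison():
    """Calibrate the spoof rate so the unpatched case takes 11 s, then scale up."""
    rate = TXID_SPACE / 11.0  # about 5958 forged responses per second
    patched_seconds = expected_seconds_to_poison(rate, PORTS_PATCHED)
    return {
        "spoof_rate_pps": rate,
        "unpatched_seconds": expected_seconds_to_poison(rate, PORTS_UNPATCHED),
        "patched_days": patched_seconds / 86400,
        # The mean is not a deadline: the attacker may land the match far earlier.
        "p_success_by_mean_time": success_probability(rate, PORTS_PATCHED, patched_seconds),
        "p_success_within_one_day": success_probability(rate, PORTS_PATCHED, 86400),
    }


def find_forged_response_sources(outstanding, responses, threshold):
    """Return sources that sent at least `threshold` responses matching no outstanding query.

    outstanding: set of (txid, dst_port, qname) the resolver is currently waiting on.
    responses:   iterable of (src_ip, txid, dst_port, qname) seen on the wire.
    A real authoritative server answers each query once; a TXID/port brute-forcer
    produces thousands of non-matching answers per second from one source.
    """
    unmatched = Counter()
    for src_ip, txid, dst_port, qname in responses:
        if (txid, dst_port, qname) not in outstanding:
            unmatched[src_ip] += 1
    return {src_ip: n for src_ip, n in unmatched.items() if n >= threshold}


def sample_window():
    """One constructed second of traffic (not captured data) run through the check."""
    outstanding = {(0x1A2B, 53211, "www.example.com.")}
    responses = [
        ("192.0.2.53", 0x1A2B, 53211, "www.example.com."),   # the genuine answer
        ("203.0.113.9", 0x0001, 40000, "www.example.com."),  # one late duplicate: harmless
    ]
    # Attacker sweeping TXIDs against one port: the pattern the 8.21 days is made of.
    responses += [("198.51.100.7", txid, 53211, "www.example.com.") for txid in range(1, 1001)]
    return find_forged_response_sources(outstanding, responses, threshold=100)


if __name__ == "__main__":
    for key, value in greco_comparison().items():
        print(f"{key}: {value:.4f}")
    print(sample_window())
```

Two things worth taking from it. First, 8.21 days is a mean, not a guarantee: under the same assumed rate the attacker has roughly an 11% chance of a successful poisoning inside the first day and about 63% by the time the mean is reached. Second, the traffic that buys the attacker those odds is thousands of responses per second that match nothing the resolver asked for, all from one source, which is exactly the signal a per-source mismatch counter (the threshold here is a hypothetical tuning knob) turns into an alert long before day eight.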
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/