[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    Re: how to protect name servers against cache corruption
From:       "Thomas H. Ptacek"  <tqbf () enteract ! com>
Date:       1997-07-30 2:24:04
[Download RAW message or body]

> Paul has made it clear that there are holes in the DNS protocols that
> cannot be fixed without DNSSEC. He isn't papering anything over -- he

Thank you for clearing this up. For the record, my only intention is to
clarify the facts surrounding the DNS security issues that have been
popularized by the recent Alternic attacks. I think I have done this. To
reiterate: BIND 8.1.1 is not immune to all the variants of the attack used
by the Alternic, and there are very real security problems that remain
(and will continue to remain) until the implementation of DNSSEC
(according to Mr. Vixie).

As this thread is now rapidly losing it's operations context (as well as
it's informative value), I'd suggest we now move towards killing it.

Thanks!

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"

[prev in list] [next in list] [prev in thread] [next in thread]