Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion)
From: "Robert Holgstad" <rholgstad () gmail com>
Date: Tue, 15 Jul 2008 18:23:02 -0500

yes you better listen to Paul. He handles windows updates for a large
network and was the second person to subscribe to a list full of trolls.

On Tue, Jul 15, 2008 at 10:47 AM, Paul Schmehl <pschmehl_lists () tx rr com>
wrote:

--On Tuesday, July 15, 2008 09:14:39 +1000 Mark Andrews <
Mark_Andrews () isc org>
wrote:

      And the best solution to this attack is to deploy DNSSEC.
      You don't care where the response comes from provide the
      signatures are good.


Except that DNSSEC is going to have to improve dramatically to achieve
widespread adoption.  Right now it's a PITA to understand and implement and
then 30 days later you have to do it all over again.  Frankly, it's not
worth
the effort until the technology improves enough to make it easier to
implement
and maintain.

I know you don't want to hear that, but that's the truth.

--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault