Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion)
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Tue, 15 Jul 2008 21:32:40 -0500

--On July 15, 2008 10:22:56 PM -0400 Valdis.Kletnieks () vt edu wrote:

On Tue, 15 Jul 2008 20:46:57 CDT, Paul Schmehl said:
Perhaps that's because a cert problem on a web server breaks a single
webserver.  A cert problem with dns breaks an entire domain.

On the flip side, if you busticate DNS for the entire domain, you're
likely to *notice* it and *fix* it a lot faster.  "Dead in the water"
is, in some ways, actually preferrable to "damn, this may or may not
have been broken for the last 6 months - how many users just gave up and
never came back?"

Good point.

Paul Schmehl
If it isn't already obvious,
my opinions are my own and not
those of my employer.

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]