mailing list archives
Re: The cat is indeed out of the bag
From: "mokum von Amsterdam" <smokum () gmail com>
Date: Wed, 23 Jul 2008 16:57:53 +0200
On Wed, Jul 23, 2008 at 4:22 PM, Robert McKay <robert () mckay com> wrote:
On Tue, Jul 22, 2008 at 3:36 AM, <monsieur.aglie () hushmail com> wrote:
from chargen 19/udp by ecopeland
The cat is out of the bag. Yes, Halvar Flake figured out the flaw
Dan Kaminsky will announce at Black Hat.
I believe I may have found an important optimisation to this attack.
Basically I observed that if you make a DNS request with a very long QNAME
then nameservers start dropping GLUE records in order to fit the reply into
the maximum UDP packet size.
Are you not supposed to keep DNS issues under your hat and disclose at BH only?
Mark Andrews wrote:
... I like simple tools.
This is the list for you then -- there are lots of folk meeting the
description here... --- Nick FitzGerald
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/