|
Full Disclosure
mailing list archives
Re: DNS spoofing issue. Thoughts on
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Sat, 26 Jul 2008 17:10:58 -0500
--On Saturday, July 26, 2008 8:34 PM +0100 imipak <imipak () gmail com> wrote:
The attack isn't "impossible", it's more like "1% chance *per hour* that
your IDS doesn't notice and stop the attempts". Big difference...
The information that I have says it's statistically impossible *if*
you are patched.
It's not statistically impossible; it just takes 2^16 times longer.
And as Joe Greco observed on NANOG:
But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is
not a significant jump from the PoV of an attacker would certainly have
factored into my decision-making process.
How shall I put this? If you don't notice a dns cache poisoning attack for
8.21 days, you *deserve* to have your cache poisoned. (Not that anyone
ever deserves to be hacked, but there *is* such a thing as criminal
negligence.)
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
Attachment:
_bin
Description:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
