Bugtraq mailing list archives

Re: glibc resolver weakness

From: djb () CR YP TO (D. J. Bernstein)
Date: Sun, 7 May 2000 02:17:43 -0000


Steven M. Bellovin writes:
  [ random ID to make blind DNS packet forgery more difficult ]

16 bits was far too small to do it right,


Unpredictable IDs and port numbers make large-scale blind forgeries
vastly more expensive. That's more than DNSSEC has ever accomplished.
See http://cr.yp.to/dnscache/forgery.html for further comments.

http://www.research.att.com/~smb/papers/dnshack.ps


Cache poisoning is a solved problem. A modern DNS cache simply discards
records outside the server's bailiwick.

---Dan

Current thread:

Re: glibc resolver weakness Steven M. Bellovin (May 03)
- Re: glibc resolver weakness D. J. Bernstein (May 06)
- Re: glibc resolver weakness Gary Ellison (May 08)
- AOL Instant Messenger Daniel P. Stasinski (May 08)
  - Re: AOL Instant Messenger Oppenheimer, Max (May 09)
- New Allaire Security Zone Bulletin Posted Aleph One (May 08)
- Advisory: Netopia R9100 router vulnerability Stephen Friedl (May 08)
  - Re: Advisory: Netopia R9100 router vulnerability Gary L. Burnore (May 09)
    - Re: Advisory: Netopia R9100 router vulnerability Rob Tashjian (May 10)
    - Microsoft Security Bulletin (MS00-031) Microsoft Product Security (May 10)
    - Re: Advisory: Netopia R9100 router vulnerability Jeffrey Paul (May 13)
  - "ClientSideTrojan" bug Kragen Sitaker (May 09)

(Thread continues...)