funsec mailing list archives

Re: Leaks in Patch for Web Security Hole


From: Gadi Evron <ge () linuxbox org>
Date: Sun, 10 Aug 2008 06:49:45 -0500 (CDT)

On Sun, 10 Aug 2008, Larry Seltzer wrote:
Vixie said "11 seconds".  So the patch added a work factor of roughly
3,600, rather than the 64K that *full* randomization would have added.
Or he just got lucky and it happened to work in the first 5% of the
attack...
But then, it was *known* that the patches merely made it harder to
hit the hole, and DNSSEC is needed to *totally* fix the issue.

Well then we're completely screwed because nothing is going to get
DNSSEC implemented quickly, and the 10 hour number is going to get
shorter with improvements in hardware and increased parallelism.

I guess it's time for DNS greylisting and DNS White Lists.

I can't wait for bind plugins.

CC:'ing dns-ops, let's move this discussion there.

        Gadi.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

