funsec mailing list archives
Re: Leaks in Patch for Web Security Hole
From: Paul Vixie <vixie () isc org>
Date: Mon, 11 Aug 2008 03:17:27 +0000
> Well then we're completely screwed because nothing is going to get DNSSEC implemented quickly, and the 10 hour number is going to get shorter with improvements in hardware and increased parallelism.
this ain't like that. rate limiting is a simple fix, if your RDNS happens to have a GigE path all the way back to the attacker population, you can put in a software firewall rule limiting ingress to 10Mbit per source IP and this attack recedes. note that most RDNS' are connected by a lot less than GigE on their full path toward possible attackers, so this is largely theoretical. so while Polyakov's attack is another reason to invest in DNSSEC for the long term, it is NOT a reason to panic again in the immediate/short/medium term.
--
Paul Vixie
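The per-source ingress cap described in the message above, modelled as a token bucket. This is an added example, not part of the original post and not any firewall's actual implementation; the burst size, packet size, simulation length and the documentation-range addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

RATE_BPS = 10_000_000 / 8   # 10 Mbit/s per source IP, expressed in bytes/second
BURST = 64 * 1024           # assumed burst allowance in bytes (not from the post)


class PerSourceLimiter:
    """One token bucket per source IP; tokens are bytes, refilled at `rate`."""

    def __init__(self, rate=RATE_BPS, burst=BURST):
        self.rate, self.burst = rate, burst
        self.buckets = {}  # src_ip -> (tokens, time of last packet)

    def allow(self, src_ip, size, now):
        tokens, last = self.buckets.get(src_ip, (self.burst, now))
        # Refill for the elapsed time, never beyond the burst ceiling.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if size <= tokens:
            self.buckets[src_ip] = (tokens - size, now)
            return True
        self.buckets[src_ip] = (tokens, now)  # over the cap: drop the packet
        return False


def simulate(flows, duration=1.0, pkt_size=500):
    """flows maps src_ip -> offered bits/second. Returns accepted bytes per IP."""
    limiter = PerSourceLimiter()
    events = []
    for ip, bps in flows.items():
        n = int(bps / 8 / pkt_size * duration)       # packets sent in `duration`
        events += [(i * duration / n, ip) for i in range(n)]
    events.sort()                                     # interleave sources by time
    accepted = defaultdict(int)
    for t, ip in events:
        if limiter.allow(ip, pkt_size, t):
            accepted[ip] += pkt_size
    return dict(accepted)


# Constructed traffic: one source offering a full GigE, one ordinary 1 Mbit/s source.
SAMPLE_FLOWS = {"192.0.2.10": 1_000_000_000, "198.51.100.7": 1_000_000}

if __name__ == "__main__":
    for ip, nbytes in simulate(SAMPLE_FLOWS).items():
        print(f"{ip}: offered {SAMPLE_FLOWS[ip] / 1e6:.0f} Mbit/s, "
              f"accepted {nbytes * 8 / 1e6:.2f} Mbit in 1 s")
```

The source offering a full GigE gets roughly 10 Mbit/s through (plus the one-off burst), while the source under the cap loses nothing.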