nanog mailing list archives
Re: how to protect name servers against cache corruption
From: Ben Black <black () zen cypher net>
Date: Tue, 29 Jul 1997 22:30:33 -0400 (EDT)
so a statement from paul that the internet is effectively broken until DNSSEC is acceptable to you even if there are known ways to combat known attacks? stop worshipping long enough to think about the ramifications of this. ben On Tue, 29 Jul 1997, Perry E. Metzger wrote:
Paul has made it clear that there are holes in the DNS protocols that cannot be fixed without DNSSEC. He isn't papering anything over -- he is merely describing reality. If you want to be sarcastic to him for doing his best and being honest in public, well, that's fine, but frankly I think you are doing the community a serious disservice by attacking Paul. .pm "Thomas H. Ptacek" writes:BIND 4.9.6 and 8.1.1 are immune to all known attacks, including the one[ splice ]I know of attacks we are not immune to, which cannot be stopped withoutUm. I hate to play semantic games, but if you know of attacks that BIND 8.1.1 is not immune to, then BIND 8.1.1 is not immune to all known attacks. Since this is not a security list, I'll refrain from (rhetorically) informing you that history doesn't back up your assertion of the existence of "holes that only the good guys know". Oops. Sorry about that. Thanks for clearing this up! ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com] ---------------- "If you're so special, why aren't you dead?"
Current thread:
- Re: how to protect name servers against cache corruption, (continued)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Christopher Masto (Jul 29)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Jay R. Ashworth (Jul 30)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 30)
- Re: how to protect name servers against cache corruption tqbf (Jul 30)
- Re: how to protect name servers against cache corruption Deepak Jain (Jul 30)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 30)
- Message not available
- Re: how to protect name servers against cache corruption Jay R. Ashworth (Jul 30)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- off-topic (Re: how to protect name servers against cache corruption ) Paul A Vixie (Jul 29)
- Re: off-topic (Re: how to protect name servers against cache corruption ) Larry Vaden (Jul 29)
- Re: off-topic (Re: how to protect name servers against cache corruption ) Ben Black (Jul 30)
- Re: how to protect name servers against cache corruption Lon R. Stockton, Jr. (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Paul Ferguson (Jul 29)