nanog mailing list archives
Emerging Threats SNORT [Was: Re: Exploit for DNS Cache Poisoning - REL EASED]
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Thu, 24 Jul 2008 04:27:12 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Paul Ferguson" <fergdawg () netzero net> wrote:
-- Jared Mauch <jared () puck nether net> wrote:If your nameservers have not been upgraded or you did not enable the proper flags, eg: dnssec-enable and/or dnssec-validation as applicable, I hope you will take another look.Let's hope some very large service providers get their act together real soon now. http://www.hackerfactor.com/blog/index.php?/archives/204-Poor-DNS.html
Sorry to respond to my own post, but I thought this might be of interest to the list. Matt Jonkman, over at Emerging Threats (previously known as Bleeding Threats) has a 'prototype' SNORT sig for these attacks -- try it out and provide feedback, if you are so inclined. http://www.emergingthreats.net/content/view/87/9/ - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIiASRq1pz9mNUZTMRAmjnAKDYOmtUbm+er2OBUfjxcGdNWggOlgCfYbkn V8pibFdRpbHul2PrZu0oBg0= =QPWh -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Current thread:
- Emerging Threats SNORT [Was: Re: Exploit for DNS Cache Poisoning - REL EASED] Paul Ferguson (Jul 23)