nanog mailing list archives

Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

From: "Jason Frisvold" <xenophage0 () gmail com>
Date: Thu, 24 Jul 2008 16:58:29 -0400

On Thu, Jul 24, 2008 at 1:14 PM, Paul Vixie <vixie () isc org> wrote:

in spite of that caution i am telling you all, patch, and patch now.  if you
have firewall or NAT configs that prevent it, then redo your topology -- NOW.
and make sure your NAT isn't derandomizing your port numbers on the way out.

and if you have time after that, write a letter to your congressman about the
importance of DNSSEC, which sucks green weenies, and is a decade late, and
which has no business model, but which the internet absolutely dearly needs.


So is this patch a "true" fix or just a temporary fix until further
work can be done on the problem?  I listened to Dan's initial
presentation and I've read a lot of speculation since then.  I've also
taken a look at the various blog entries that detail the problem.  I
believe I understand what the issue is and I can see how additional
randomization helps.  But it that truly an end-all fix, or is this
just the initial cry to stop short-term hijacking?

-- 
Jason 'XenoPhage' Frisvold
XenoPhage0 () gmail com
http://blog.godshell.com

Current thread:

Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?, (continued)
- - - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? David W. Hankins (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Sean Donelan (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? William Pitcock (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Paul Vixie (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Sean Donelan (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Paul Vixie (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Sean Donelan (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Paul Vixie (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Sean Donelan (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Ken A (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Jason Frisvold (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Jay R. Ashworth (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Paul Vixie (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Valdis . Kletnieks (Jul 24)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Jared Mauch (Jul 25)
    - Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Jorge Amodio (Jul 25)
    - Federal Government Interest in your patch progress Jared Mauch (Jul 25)
    - Re: Federal Government Interest in your patch progress Jorge Amodio (Jul 25)
    - Re: Federal Government Interest in your patch progress Jared Mauch (Jul 25)
    - Re: Federal Government Interest in your patch progress Steven M. Bellovin (Jul 25)
    - Re: Federal Government Interest in your patch progress Stephane Bortzmeyer (Jul 29)

(Thread continues...)