nanog mailing list archives
Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
From: "Martin Hannigan" <hannigan () gmail com>
Date: Sat, 26 Jul 2008 21:16:46 -0400
How about blacklists for; Outdated and insecure IOS Outdated and insecure SSH Outdated and insecure Unix implementations Spam appliancesOutdated OS images everywhere Outdated and insecure dns Outdated and insecure proxies Outdated and insecure mysql, php, etc Richard Stallman for rms/rms One worthy example of leadership related to this current issue is RCN. They apparently scanned their customer networks for this vuln and called the vulnerable customer advising them of the problem and politely requesting a fix. Reinforces why full disclosure is better as well. Who got the early warnings? Better yet, who didn't? Best, Marty On 7/26/08, Sean Donelan <sean () donelan com> wrote:
On Sat, 26 Jul 2008, bmanning () vacation karoshi com wrote:there you go. the massive effort to patch would likley have better been spent to actually -sign- the stupid zones and work out key distribution. but no... running around like the proverbial headless chicken seems to get the PR.Maybe someone could publish a blacklist of vulnerable recursive name servers, and then F-Root, the other root name servers, and other "popular" sites could start refusing to answer queries from vunerable name servers until after the blacklist operator decides they've patched their recursive server sufficiently? Maybe that would get their attention and encourage them to apply resources to the problem? Extreme situations justify extreme measures; or how extreme do you believe justifies what measures?
-- Sent from Gmail for mobile | mobile.google.com
Current thread:
- Re: Federal Government Interest in your patch progress, (continued)
- Re: Federal Government Interest in your patch progress brett watson (Jul 25)
- Re: Federal Government Interest in your patch progress Sean Donelan (Jul 25)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Paul Vixie (Jul 24)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Jorge Amodio (Jul 25)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Randy Bush (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Paul Vixie (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Joe Greco (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? bmanning (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Sean Donelan (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? bmanning (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Martin Hannigan (Jul 26)