Mick wrote:
Hi All,
Have you seen this?
http://uk.news.yahoo.com/afp/20080709/ttc-us-it-internet-software-crime-e0bba4a.html
and this?
http://www.doxpara.com/
Is it merely a matter of using the right version of bind (for those who run a
bind daemon locally), or does it go further than that?
This note from the author of maradns might help understand the issue.
(FWIW, maradns is straightforward and simple if you want to try it on an
interim basis 'til bind is fixed.)
"MaraDNS is immune to the new cache poisoning attack. MaraDNS has
always been immune to this attack. Ditto with Deadwood (indeed,
people can use MaraDNS or Deadwood on the loopback interface to
protect their machines from this attack).
OK, basically, this is an old problem DJB wrote about well over seven
years ago. The solution is to randomize both the query ID and the
source port; MaraDNS/Deadwood do this (and have been doing this since
around the time of their first public releases that could resolve DNS
queries) using a cryptographically strong random number generator
(MaraDNS uses an AES variant; Deadwood uses the 32-bit version of
Radio Gatun).
- Sam
--
gentoo-user@lists.gentoo.org mailing list
