EC> Date: 30 Dec 2002 14:33:33 +0300
EC> From: Eugene Crosser

EC> I can suggest something like this:

Cool. The root zone's presence also is a nice touch... one can AXFR it from some of the roots, but downloading a compressed file with PGP signature is much better. Thanks.

(Last time I checked ftp.rs.internic.net, I'm virtually positive they lacked the PGP signatures. It's admittedly been a few years, though.)

The irony of what you suggest is that it requires DNS lookups for the PGP keyserver and the FTP site -- a chance for spoofing. Of course, one would need to subvert the lookups _and_ have a phony key that looked authentic, which complicates things a bit.

A general note I should have posted earlier: The simplest chance to inject a malicious DNS response is if one is on the same Ethernet segment as the requestor. Sniff DNS traffic, generate a legitimate-looking response (proper port, DNS query ID, etc.) and send it before the real one can arrive.

Brute-force attacks also are easier when one has LAN bandwidth.

One more reason to let your resolvers live on their own VLAN segment(s) and to prevent anyone from spoofing them...

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
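
Added example, not part of the original message: a detection check for the same-segment race described above, where a client receives two responses for one query (same port, query ID and name) carrying different answers. The addresses, names, the `find_conflicts` helper and the capture records are constructed for illustration; the parser assumes a single question and one A answer with a compressed name.

```python
import struct
from collections import defaultdict

def build_response(txid, qname, ip):
    """Constructed sample data: minimal DNS response with one question and one A answer."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return header + name + struct.pack("!HH", 1, 1) + answer

def parse_response(pkt):
    """Return (txid, qname, answer) from a simple response (assumed layout, see lead-in)."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000 or qd != 1 or an < 1:
        raise ValueError("not a single-question response with an answer")
    pos, labels = 12, []
    while pkt[pos]:                       # walk the question name labels
        labels.append(pkt[pos + 1:pos + 1 + pkt[pos]].decode())
        pos += 1 + pkt[pos]
    pos += 1 + 4 + 2                      # root label, QTYPE+QCLASS, compressed answer name
    rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
    rdata = pkt[pos + 10:pos + 10 + rdlen]
    ip = ".".join(map(str, rdata)) if rtype == 1 and rdlen == 4 else rdata.hex()
    return txid, ".".join(labels), ip

def find_conflicts(capture, window=2.0):
    """capture rows: (time, client_ip, client_port, payload). Flag one query answered twice, differently."""
    seen, alerts = defaultdict(list), []
    for ts, client, port, payload in sorted(capture, key=lambda r: r[0]):
        txid, qname, ip = parse_response(payload)
        key = (client, port, txid, qname)
        for ts0, ip0 in seen[key]:
            if ts - ts0 <= window and ip0 != ip:
                alerts.append({"client": client, "txid": txid, "qname": qname,
                               "first": ip0, "second": ip})
        seen[key].append((ts, ip))
    return alerts

# Constructed capture of responses arriving at one client (documentation addresses only).
CLIENT = "192.0.2.10"
CAPTURE = [
    (0.010, CLIENT, 53124, build_response(0x1A2B, "ftp.example.net", "203.0.113.66")),
    (0.045, CLIENT, 53124, build_response(0x1A2B, "ftp.example.net", "198.51.100.7")),
    (1.200, CLIENT, 53125, build_response(0x1A2C, "keys.example.net", "198.51.100.9")),
    (2.000, CLIENT, 53126, build_response(0x1A2D, "www.example.net", "198.51.100.5")),
    (2.030, CLIENT, 53126, build_response(0x1A2D, "www.example.net", "198.51.100.5")),
]

if __name__ == "__main__":
    for alert in find_conflicts(CAPTURE):
        print(alert)
```

Identical duplicate responses (the last two rows) are not flagged, since retransmissions can produce them; only conflicting answers for the same port, query ID and name raise an alert.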
