There’s a paper from 2013 outlining a fragmentation attack on DNS that allows an off-path attacker to poison certain DNS results using IP fragmentation[1]. I’ve been thinking about mitigation techniques and I’m interested in hearing what this group thinks.
I've started a thread over at the Let's Encrypt community forum. Please feel free to join in if you have thoughts! https://community.letsencrypt.org/t/mitigating-dns-fragmentation-attack/74838

[1]: https://u.cs.biu.ac.il/~herzbea/security/13-03-frag.pdf

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy