On Mon, 15 Oct 2018 at 04:51, Paul Wouters via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:
>
> On Oct 14, 2018, at 21:09, jsha--- via dev-security-policy 
> <dev-security-policy@lists.mozilla.org> wrote:
> >
> > There’s a paper from 2013 outlining a fragmentation attack on DNS that 
> > allows an off-path attacker to poison certain DNS results using IP 
> > fragmentation[1]. I’ve been thinking about mitigation techniques and I’m 
> > interested in hearing what this group thinks.
> >
>
> The mitigation is dnssec. Ensure your data is cryptographically protected.

That would be nice, but as that is not available to everyone, a
comprehensive solution is also desirable.

-tom
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to