Re: [dns-operations] AT&T DNS Cache Poisoning?

bert hubert Sat, 27 Oct 2012 22:56:20 -0700

On Sat, Oct 27, 2012 at 06:11:32PM -0700, David Conrad wrote:
> On Oct 27, 2012, at 1:37 PM, Robert Edmonds <edmo...@isc.org> wrote:
> > i don't think it's cache poisoning.  note that there are two out-of-zone
> > nameservers for ben.edu:
> ...
> > and that bobbroadband.com was updated recently,
> 
> Good catch! Makes sense.  I checked the history on ben.edu but didn't think 
> to check the rest of the delegation tree. D'oh.


Thus continuing the trend that all purported cache poisonings observed have
been registry hacks.

It appears that source port randomization works. 

Probably the only vulnerable servers are those behind NAT that derandomizes
the source port. But important servers are unlikely to suffer from network
address translation.

        Bert

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

Re: [dns-operations] AT&T DNS Cache Poisoning?

Reply via email to