On Sat, Oct 27, 2012 at 06:11:32PM -0700, David Conrad wrote:
> On Oct 27, 2012, at 1:37 PM, Robert Edmonds <[email protected]> wrote:
> > i don't think it's cache poisoning. note that there are two out-of-zone
> > nameservers for ben.edu:
> ...
> > and that bobbroadband.com was updated recently,
>
> Good catch! Makes sense. I checked the history on ben.edu but didn't think
> to check the rest of the delegation tree. D'oh.
Thus continuing the trend that all purported cache poisonings observed have
been registry hacks.
It appears that source port randomization works.
Probably the only vulnerable servers are those behind NAT that derandomizes
the source port. But important servers are unlikely to suffer from network
address translation.
Bert
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
