On 2013-09-04 17:38, Mike Hoskins (michoski) wrote:
-----Original Message-----
From: Dan York <[email protected]>
Date: Wednesday, September 4, 2013 11:03 AM
To: Ondřej Surý <[email protected]>, DNS Operations <[email protected]>
Subject: Re: [dns-operations] DNS Attack over UDP fragmentation
Ondrej,
On 9/4/13 9:08 AM, "Ondřej Surý" <[email protected]> wrote:
We gave it some thought here at CZ.NIC Labs and we think that the threat
is real, and we are now trying to write PoC code to prove the
theoretical concept.
So what are the views of other people on this list?
I attended the SAAG session, listened to the presentation and read
through the materials with great interest. I left, though, not really
sure I could understand how real of a threat this is in actual
deployments. I would certainly welcome PoC code that could help shed
light on the severity of the issue.
Interesting indeed. In reality, everyone should be thinking hard about
remediation at all levels right now (protocol enhancements are great,
but take time you won't have once a PoC exists). If the vector has been
described, it's safe to assume people with more time and money are
already working on the PoC, and won't be sharing it.
I had the same feeling as Dan when I saw this presentation. It fell into
the too-good-to-be-true category, and I thought that if the described
attack was true then everybody should be panicking right now. So it took
me some time and conversations with various people to assess the
severity of the attack.
So, yes, there might already be a PoC in the blackhat community, but
fortunately it's still simpler to use the infected computers than clever
attacks on the infrastructure.
O.