On 07/06/2006 06:21 PM, Tomasz Sterna wrote:
> On 7/4/06, Norman Rasmussen <[EMAIL PROTECTED]> wrote:
>> Most jabber servers seem to give up and _not_ do the dns cascade, but
>> Wildfire seems to do the cascade DNS, generating lots of 'Failed to
>> lookup .de', or 'Failed to lookup .org' records in the log files.
>
> So you say if I'm hosting your parent domain I could take-over and
> spoof your non-functioning (DDoS'ed) XMPP server? Sending SPIM,
> harvesting password. Possibilities are endless. Great, just great.

Given jabber clients' generally poor support of SSL/TLS certificate verification (kudos to Psi for doing it right), resistance to DNS-based attacks seems like a definite non-priority for the jabber community.

--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service
