"David Higgs" <[EMAIL PROTECTED]> writes: > At any rate, OpenBSD developers likely believe (or know from firsthand > experience) that there are already satisfactory measures that can be > taken by concerned admins to secure DNS or other traffic.
My very superficial reading of the paper left me with the impression
that actually capturing enough data to successfully inject the desired
bad (or 'crafted') data would take on the order of several thousand DNS
queries *and* the successful calculation of the data to be inserted with
a matching checksum during something like a 90 second window of
opportunity.

Feel free to correct my impression, but if it's even approximately
right, there *are* better ways to deal with kiddies who try this
particular attack, several well known with the somewhat desirable
property that they are actually good for a number of other things too.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

