On Tue, Sep 02, 2008 at 02:10:12PM -0700, JINMEI Tatuya / 神明達哉 [EMAIL PROTECTED] wrote:
No, the presence of an A record simply means the attack is not
effective until the A record expires (the attack itself succeeds
anytime unless the server also caches
At Tue, 2 Sep 2008 16:51:55 -0400,
L. Gabriel Somlo [EMAIL PROTECTED] wrote:
Of course, if the recursive server has cached a valid www.cnn.com/A,
the result of the attack won't be effective until it expires. But
once it expires, the attacker gets the full control of it and keeps
the
At Wed, 27 Aug 2008 11:02:27 -0400,
L. Gabriel Somlo [EMAIL PROTECTED] wrote:
I'm pretty sure that this patch doesn't avoid all variations of
Kaminsky's attack,
Hehe... I never claimed my one-character patch would fix *all* bugs
in bind -- I don't have *that* kind of power ;)
Okay, but
JINMEI, Tatuya wrote:
L. Gabriel Somlo [EMAIL PROTECTED] wrote:
I believe the attached patch fixes Dan Kaminsky's bug, and puts us
back to where an attacker would have to wait for the TTL to expire
before being able to poison the cache.
Anyone see any reason why we shouldn't do this?
On Tue, Aug 26, 2008 at 10:45:27PM -0700, JINMEI Tatuya / 神明達哉 [EMAIL PROTECTED] wrote:
I'm pretty sure that this patch doesn't avoid all variations of
Kaminsky's attack,
Hehe... I never claimed my one-character patch would fix *all* bugs
in bind -- I
At Wed, 27 Aug 2008 00:13:03 -0400,
L. Gabriel Somlo [EMAIL PROTECTED] wrote:
I believe the attached patch fixes Dan Kaminsky's bug, and puts us
back to where an attacker would have to wait for the TTL to expire
before being able to poison the cache.
Anyone see any reason why we shouldn't