Re: Mitigating DNS fragmentation attacks

2018-10-15 Thread Tom Ritter via dev-security-policy
On Mon, 15 Oct 2018 at 04:51, Paul Wouters via dev-security-policy wrote: > > On Oct 14, 2018, at 21:09, jsha--- via dev-security-policy > wrote: > > > > There’s a paper from 2013 outlining a fragmentation attack on DNS that > > allows an off-path attacker to poison certain DNS results using

Re: Mitigating DNS fragmentation attacks

2018-10-14 Thread Paul Wouters via dev-security-policy
On Oct 14, 2018, at 21:09, jsha--- via dev-security-policy wrote: > > There’s a paper from 2013 outlining a fragmentation attack on DNS that allows > an off-path attacker to poison certain DNS results using IP fragmentation[1]. > I’ve been thinking about mitigation techniques and I’m

Mitigating DNS fragmentation attacks

2018-10-14 Thread jsha--- via dev-security-policy
There’s a paper from 2013 outlining a fragmentation attack on DNS that allows an off-path attacker to poison certain DNS results using IP fragmentation[1]. I’ve been thinking about mitigation techniques and I’m interested in hearing what this group thinks. I've started a thread over at the