?I don't even see DNSSEC helping much here, either, given that the
attacker could just strip out the DNSSEC
info (unless, perhaps, the home computers were running full (vs stub)
recursive resolvers that also did DNSSEC-validation).
Recursive resolvers, if run responsibly can help alleviate some
On Thu, 6 Mar 2014, Dan York wrote:
Now, in this case the attackers compromised the local network devices and took
over control of the local recursive resolvers. In this
case of the attacker controlling the recursive resolver, I don't know that any
of the various solutions thrown around
DNSOP members,
Given our session today talking about protecting DNS privacy, I found an
interesting bit of synchronicity upon going back to my room and seeing this
article in my feeds about a compromise of at least 300,000 small office / home
office (SOHO) home routers by a variety of attacks
but for the first case you can do
nothing except waiting for immediate action of rescue team.
Hosnieh
From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Dan York
Sent: Friday, March 07, 2014 12:10 AM
To: dnsop@ietf.org
Subject: [DNSOP] DNS privacy and Team Cymru's report on 300, 000
On Thu, Mar 06, 2014 at 11:09:33PM +, Dan York wrote:
this case of the attacker controlling the recursive resolver, I
don't know that any of the various solutions thrown around today
would do anything to help with this.
But this was exactly the question I (among others) was trying to
