Ok, thanks.
Steve
On May 10, 2016, at 11:54 AM, 神明達哉 wrote:
> At Tue, 10 May 2016 15:04:56 +0200,
> Stephane Bortzmeyer wrote:
>
>>> This is true, but I suspect it would be pretty easy for this type
>>> of attacker to circumvent the effect if and when the nxdomain-cut
>>> behavior is more
At Tue, 10 May 2016 15:04:56 +0200,
Stephane Bortzmeyer wrote:
> > This is true, but I suspect it would be pretty easy for this type
> > of attacker to circumvent the effect if and when the nxdomain-cut
> > behavior is more widely deployed. An attacker for the '.wf' zone
> > would simply
At Mon, 9 May 2016 18:45:49 -0400,
Shumon Huque wrote:
> > - Section 3
> >
> >"NXDOMAIN cut" may also help mitigate certain types of random QNAME
> >attacks [joost-dnsterror] [balakrichenan-dafa888], where there is a
> >fixed suffix which does not exist.
> >
> > This is true, but I
On Tue, May 10, 2016 at 09:18:05AM -0400,
Ted Lemon wrote
a message of 97 lines which said:
> Make this stop working, and they will adjust quickly.
Filtering on the QNAME works fine (quite easy with such long suffixes)
and they did not adjust.
___
One observation to make about this is that it's not that they are stupid,
but that they don't care about being clever. They just care that it
works. So probably somebody reasonably smart did the three-label attack
because the DNS geek in them was trying to be neat, even as the attack geek
in th
On Mon, May 09, 2016 at 11:01:30AM -0700,
神明達哉 wrote
a message of 49 lines which said:
> This is true, but I suspect it would be pretty easy for this type
> of attacker to circumvent the effect if and when the nxdomain-cut
> behavior is more widely deployed. An attacker for the '.wf' zo
On Mon, May 9, 2016 at 2:01 PM, 神明達哉 wrote:
> At Mon, 25 Apr 2016 21:39:32 +0200,
> Stephane Bortzmeyer wrote:
>
> > Stephane Bortzmeyer wrote
> > a message of 17 lines which said:
> >
> > > > Title : NXDOMAIN really means there is nothing
> underneath
> > > > Author
At Mon, 25 Apr 2016 21:39:32 +0200,
Stephane Bortzmeyer wrote:
> Stephane Bortzmeyer wrote
> a message of 17 lines which said:
>
> > > Title : NXDOMAIN really means there is nothing
> > > underneath
> > > Authors : Stephane Bortzmeyer
> > >
On 25 April 2016 at 12:39, Stephane Bortzmeyer wrote:
> On Thu, Apr 07, 2016 at 04:46:11PM +0200,
> Stephane Bortzmeyer wrote
> a message of 17 lines which said:
>
> > > Title : NXDOMAIN really means there is nothing
> underneath
> > > Authors : Stephane Bortz
On Mon, Apr 25, 2016 at 3:39 PM, Stephane Bortzmeyer
wrote:
> On Thu, Apr 07, 2016 at 04:46:11PM +0200,
> Stephane Bortzmeyer wrote
> a message of 17 lines which said:
>
> > > Title : NXDOMAIN really means there is nothing
> underneath
> > > Authors : Stephane
On Thu, Apr 07, 2016 at 04:46:11PM +0200,
Stephane Bortzmeyer wrote
a message of 17 lines which said:
> > Title : NXDOMAIN really means there is nothing underneath
> > Authors : Stephane Bortzmeyer
> > Shumon Huque
> > Filename
On Thu, Apr 07, 2016 at 07:43:29AM -0700,
internet-dra...@ietf.org wrote
a message of 47 lines which said:
> Title : NXDOMAIN really means there is nothing underneath
> Authors : Stephane Bortzmeyer
> Shumon Huque
> Filename
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations of the IETF.
Title : NXDOMAIN really means there is nothing underneath
Authors : Stephane Bortzmeyer
13 matches
Mail list logo