how to protect name servers against cache corruption
Jay R. Ashworth
jra at scfn.thpl.lib.fl.us
Wed Jul 30 19:27:23 UTC 1997
On Wed, Jul 30, 1997 at 11:09:24AM -0700, Paul A Vixie wrote:
> > 3) If it was that easy to do, why hasn't it happened again?
>
> because that particular attack only works if you are willing to get caught.
Nicely put. Although accidents do happen, like the genieweb.com
answering for ".com" debacle a couple weeks back.
> > 4) How can I check for cache corruption?
>
> "dig @0 www.netsol.com a" and "dig @cache00.ns.uu.net www.netsol.com a" and
> check for differences.
Paul: I assume dig @0 is an idiom for localhost? (Apologies for being
less than familiar with dig, it's not on this machine, and I'm not the
admin.)
> > Apologies if any of the above sound moronic or ill-informed; extracting
> > facts from reams of "what is a backhoe" mail list is a painfully slow task.
> > Time for some filters I think...
>
> no apologia needed. public explanations of this attack have been poor, even
> and especially by me. i'm grateful for the opportunity to improve on that.
I hadn't thought that the explanations were all _that_ weak... and I'm
on 7 lists, and the backhoe traffic didn't bother _me_ that much.
Perhaps time for a new mail program, or a faster link?
Cheers,
-- jr '30 newsgroups, too' a
--
Jay R. Ashworth jra at baylink.com
Member of the Technical Staff Unsolicited Commercial Emailers Sued
The Suncoast Freenet "People propose, science studies, technology
Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
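
The check quoted in the message above (ask the local server and a reference server for the same A record and look for differences), written out as a script. This is an added example, not part of the original thread; it assumes a modern `dig` that supports `+noall +answer`, and the function names and the 127.0.0.1 default for the local server are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.

# normalize: read resource records in "name ttl class type rdata" form
# (dig +noall +answer output) on stdin and print sorted "name type rdata".
# TTLs are dropped because a cached answer counts down; names are lowercased
# because DNS names compare case-insensitively. Only the first rdata field
# is kept, which is enough for A and CNAME records.
normalize() {
    awk '$1 !~ /^;/ && NF >= 5 { print tolower($1), $4, tolower($5) }' | sort -u
}

# compare_answers LOCAL_TEXT REFERENCE_TEXT
# Returns 0 if both record sets match, 1 if they differ (differences are
# printed), 2 if either side has no records and nothing can be concluded.
compare_answers() {
    a=$(printf '%s\n' "$1" | normalize)
    b=$(printf '%s\n' "$2" | normalize)
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "no answer records from one side; cannot compare"
        return 2
    fi
    [ "$a" = "$b" ] && return 0
    echo "only in local answer:"
    printf '%s\n' "$a" | grep -Fxv -e "$b"
    echo "only in reference answer:"
    printf '%s\n' "$b" | grep -Fxv -e "$a"
    return 1
}

# check_cache NAME REFERENCE_SERVER [LOCAL_SERVER]
# LOCAL_SERVER defaults to 127.0.0.1 (assumption: the cache under test
# runs on this host).
check_cache() {
    compare_answers \
        "$(dig @"${3:-127.0.0.1}" "$1" a +noall +answer)" \
        "$(dig @"$2" "$1" a +noall +answer)"
}

# Usage (the name and reference server are the ones from the thread):
#   check_cache www.netsol.com cache00.ns.uu.net
```

A mismatch is a reason to investigate rather than proof of corruption, since a name served with rotating or location-dependent answers can legitimately differ between resolvers.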