VeriSign's rapid DNS updates in .com/.net
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Jul 9 21:05:27 UTC 2004
On Fri, 09 Jul 2004 20:37:18 -0000, "Christopher L. Morrow" said:
> all still dependent on the 'its hijackable' to begin with, right? So what
> changed really?
"Hmm... that phone call 2 hours ago sounded fishy.. I better re-double-check"
Working scam for 1 hour 50 minutes with 5 minute updates, good chance
of being stopped before deployment with 12 hour updates.
Yes, on the flip side, the hijacking is *stopped* sooner - but for many
classes of attacks that involve control of a nameserver, a few minutes
can be enough....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040709/6778a7dc/attachment.sig>
More information about the NANOG
mailing list