DNS cache poisoning attacks -- are they real?

Christopher L. Morrow christopher.morrow at mci.com
Sun Mar 27 04:41:24 UTC 2005



On Sat, 26 Mar 2005, Joe Abley wrote:

>
>
> On 26 March 2005, at 17:52, Sean Donelan wrote:
>
> > You forgot the most important requirement, you have to be using
> > insecure, unpatched DNS code (old versions of BIND, old versions of
> > Windows, etc). If you use modern DNS code which only follows
> > trustworthy pointers from the root down, you won't get hooked by
> > this.
>
> The obvious rejoinder to this is that there are no trustworthy pointers
> from the root down (and no way to tell if the root you are talking to
> contains genuine data) unless all the zones from the root down are
> signed with signatures you can verify and there's a chain of trust to
> accompany each delegation.
>
> If you don't have cryptographic signatures in the mix somewhere, it all
> boils down to trusting IP addresses.

Where was www.makelovenotspam.com re-pointed to and 'hacked' again?? I
forget... 'trust of the ip address' :(


