Multiple DNS implementations vulnerable to cache poisoning

Lynda shrdlu at
Wed Jul 9 01:26:01 UTC 2008

Owen DeLong wrote:

> The tool, unfortunately, only goes after the server it thinks you are
>  using to recurse from the client where you're running your browser.
> This makes it hard to test servers being used in production
> environments without GUIs. The tool is not Lynx compatible.

Figures. It's becoming a pointy-clicky world. I don't like it much, either.

> On Jul 8, 2008, at 5:12 PM, Lynda wrote:
>> This is also being covered over on the Defcon Forums. Jeff Moss has  
>> said that he'll post the link to the interview that Kaminsky is  doing 
>> right now, after it's over.

Here's the direct link, for the curious:

Audio of Dan's press interview:

I'll see whether someone can pry the code loose from Dan, rather than 
having it hidden under a button. As Christian Koch said, the tool isn't 
really directed at NANOG folk. I'm sure that it could be modified so 
that it was. I note that BIND has been updated on all your favorite 
operating systems, which should help some. Still, the updates just 
barely happened, and then the announcement hit.

In April 1951, Galaxy published C.M. Kornbluth's "The Marching Morons".
The intervening years have proven Kornbluth right.
                 --Valdis Kletnieks

More information about the NANOG mailing list