Multiple DNS implementations vulnerable to cache poisoning

• Previous message (by thread): Multiple DNS implementations vulnerable to cache poisoning
• Next message (by thread): Multiple DNS implementations vulnerable to cache poisoning
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 9 Jul 2008, Steven M. Bellovin wrote:
> How many ISPs run DNS servers for customers?  Start by signing those
> zones -- that has to be done in any event.  Set up caching resolvers to
> verify signatures.  "It is not your part to finish the task, yet you
> are not free to desist from it."  (From the Talmud, circa 130.)
>
> No, I didn't say it would be easy, but if we don't start we're not
> going to get anywhere.

Are these the same ISPs that haven't started implementing other
anti-spoofing controls like BCP38++?

What is the estimated completion date to stop all spoofed IP packets,
included but only DNS spoofing?

• Previous message (by thread): Multiple DNS implementations vulnerable to cache poisoning
• Next message (by thread): Multiple DNS implementations vulnerable to cache poisoning
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]