Exploit for DNS Cache Poisoning - RELEASED

Steven M. Bellovin smb at cs.columbia.edu
Thu Jul 24 09:43:14 CDT 2008


On Thu, 24 Jul 2008 09:10:13 -0500
"Jorge Amodio" <jmamodio at gmail.com> wrote:

> >
> > Sure, I can empathize, to a certain extent. But this issue has
> > been known for 2+ weeks now.
> >
> 
> Well we knew about the DNS issues since long time ago (20+yrs
> perhaps?), so the issue is not new, just the exploit is more easy to
> put together and chances for it to succeed are much higher.
> 
This is important.  Kaminsky took a known concept and did the hard
engineering work to make it feasible.  To slightly misuse a quote
that's more often applied to crypto, "amateurs worry about algorithms;
pros worry about economics".  The economics of the attack have now
changed.  (And we need to get DNSSEC deployed before they change even
further.)


		--Steve Bellovin, http://www.cs.columbia.edu/~smb




More information about the NANOG mailing list