Exploit for DNS Cache Poisoning - RELEASED
Steven M. Bellovin
smb at cs.columbia.edu
Thu Jul 24 14:43:14 UTC 2008
On Thu, 24 Jul 2008 09:10:13 -0500
"Jorge Amodio" <jmamodio at gmail.com> wrote:
> >
> > Sure, I can empathize, to a certain extent. But this issue has
> > been known for 2+ weeks now.
> >
>
> Well, we have known about the DNS issues for a long time (20+ yrs
> perhaps?), so the issue is not new; just the exploit is easier to
> put together and the chances for it to succeed are much higher.
>
This is important. Kaminsky took a known concept and did the hard
engineering work to make it feasible. To slightly misuse a quote
that's more often applied to crypto, "amateurs worry about algorithms;
pros worry about economics". The economics of the attack have now
changed. (And we need to get DNSSEC deployed before they change even
further.)
--Steve Bellovin, http://www.cs.columbia.edu/~smb