DNS attacks

Kevin Darcy kcd at chrysler.com
Fri Jul 25 23:57:32 UTC 2008


Allow me to clarify that a bit: there's a fine line here between giving 
enough information to administrators to allow them to identify 
_bona_fide_ Kaminsky-style attacks, on the one hand, and, on the other, 
giving yet more information to the would-be perpetrators of such attacks.

If you *really* need to know what the attack looks like, and you can 
read code at all, attack code has already been published, so you should 
be able to figure out the profile yourself.

                                                                         
                                    - Kevin

Kevin Darcy wrote:
> I don't know that it would be appropriate for me to say any more than 
> that, since the details of the exploit have not yet been "officially" 
> disclosed.
>
>                                                                    - Kevin
>
>
> Michael Varre wrote:
>> Sorry I meant to reply to all. What is the attack profile for this?
>>
>>
>>
>> On 7/25/08, Kevin Darcy <kcd at chrysler.com> wrote:
>>> Wolfgang S. Rupprecht wrote:
>>>> James Kosin posted a message on the fedora mailing list that he is
>>>> actually seeing DNS attack messages in his log files.  The message is
>>>> archived here:
>>>>
>>>>  http://permalink.gmane.org/gmane.linux.redhat.fedora.general/306278
>>>>
>>>> Hopefully reports like this will get the folks to upgrade.
>>>>
>>> It's definitely a probe of some kind, but AFAICT a bunch of repeated
>>> queries for a *small* number of names isn't the attack profile
>>> associated with the Kaminsky exploit.
>>>
>>> People should upgrade, of course. Even if the attacks aren't here yet,
>>> it's only a matter of time...
>>>
>>> - Kevin



More information about the bind-users mailing list