[128083] in cryptography@c2.net mail archive

Re: Kaminsky finds DNS exploit

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Jul 14 13:30:25 2008

Date: Mon, 14 Jul 2008 10:52:42 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: John Levine <johnl@iecc.com>, cryptography@metzdowd.com
In-Reply-To: <87ej5wa6c1.fsf@mid.deneb.enyo.de>

On Mon, 14 Jul 2008 16:27:58 +0200
Florian Weimer <fw@deneb.enyo.de> wrote:
 
> On top of that, some operators decided not to offer TCP service at
> all.

Right.  There's a common misconception, on both security and network
operator mailing lists, that DNS servers use TCP only for zone
transfers, and that all such connection requests should be blocked.
See, for example, the NANOG thread starting at
http://mailman.nanog.org/pipermail/nanog/2008-June/001240.html


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
