[106171] in North American Network Operators' Group
re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Jul 24 01:55:47 2008
From: Paul Vixie <vixie@isc.org>
To: nanog@merit.edu
Date: Thu, 24 Jul 2008 05:55:19 +0000
X-Vix-MailScanner-From: vixie@vix.com
Errors-To: nanog-bounces@nanog.org
--=-=-=
this is for whoever said "it's just a brute force attack" and/or "it's the
same attack that's been described before". maybe it goes double if that
person is also the one who said "my knowledge in this area is out of date".
grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.
re:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--=-=-=
Content-Type: message/rfc822
Content-Disposition: attachment; filename=2447
Content-Description: forwarded message
Return-Path: <dns-operations-bounces@lists.oarci.net>
X-Original-To: paul@vix.com
Delivered-To: vixie@nsa.vix.com
Received: from in2.oarc.isc.org (mail.oarc.isc.org [IPv6:2001:4f8:0:2::43])
by nsa.vix.com (Postfix) with ESMTP id 15AAFA1022
for <paul@vix.com>; Tue, 22 Jul 2008 18:11:36 +0000 (UTC)
(envelope-from dns-operations-bounces@lists.oarci.net)
Received: from in2.oarc.isc.org (localhost [IPv6:::1])
by in2.oarc.isc.org (Postfix) with ESMTP id 2079B2EB73;
Tue, 22 Jul 2008 18:11:34 +0000 (UTC)
(envelope-from dns-operations-bounces@lists.oarci.net)
X-Original-To: dns-operations@lists.oarci.net
Delivered-To: dns-operations@oarc.isc.org
Received: from nsa.vix.com (nsa.vix.com
[IPv6:2001:4f8:3:bb:230:48ff:fe5a:2f38])
by in2.oarc.isc.org (Postfix) with ESMTP id 5666D2EB3C
for <dns-operations@lists.oarci.net>;
Tue, 22 Jul 2008 18:10:48 +0000 (UTC) (envelope-from vixie@vix.com)
Received: from nsa.vix.com (localhost [127.0.0.1])
by nsa.vix.com (Postfix) with ESMTP id 208CEA1044;
Tue, 22 Jul 2008 18:10:42 +0000 (UTC)
(envelope-from vixie@nsa.vix.com)
From: Paul Vixie <vixie@isc.org>
To: "Alperovitch, Dmitri" <dmitri_alperovitch@securecomputing.com>
In-Reply-To: Your message of "Tue, 22 Jul 2008 10:54:07 EST."
<5CF2BB5045ED7D44B69F3E63642D693205B01C2E@ICE.scur.com>
References: <48851B90.8060805@virginia.edu><84EA92B0-9D1C-4AB8-B915-3C340A7E5965@cira.ca>
<20080722044205.GB91461@fritz.cc.gt.atl.ga.us><5CF2BB5045ED7D44B69F3E63642D693205B01A5F@ICE.scur.com>
<4885FC3D.3000309@virginia.edu>
<5CF2BB5045ED7D44B69F3E63642D693205B01C2E@ICE.scur.com>
X-Mailer: MH-E 8.0.3; nil; GNU Emacs 22.2.1
Date: Tue, 22 Jul 2008 18:10:42 +0000
Message-ID: <43558.1216750242@nsa.vix.com>
MIME-Version: 1.0
X-Vix-MailScanner: Found to be clean, Found to be clean
X-Spam-Status: No, No
Cc: dns-operations@lists.oarci.net
Subject: Re: [dns-operations] DNS issue accidentally leaked?
X-BeenThere: dns-operations@lists.oarci.net
X-Mailman-Version: 2.1.10
Precedence: list
List-Id: DNS Operations <dns-operations.lists.oarci.net>
List-Unsubscribe: <http://lists.oarci.net/mailman/options/dns-operations>,
<mailto:dns-operations-request@lists.oarci.net?subject=unsubscribe>
List-Archive: <http://lists.oarci.net/pipermail/dns-operations>
List-Post: <mailto:dns-operations@lists.oarci.net>
List-Help: <mailto:dns-operations-request@lists.oarci.net?subject=help>
List-Subscribe: <http://lists.oarci.net/mailman/listinfo/dns-operations>,
<mailto:dns-operations-request@lists.oarci.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dns-operations-bounces@lists.oarci.net
Errors-To: dns-operations-bounces@lists.oarci.net
X-Vix-MailScanner-Information: Please contact the ISP for more information
X-MailScanner-ID: 15AAFA1022.3782F
X-Vix-MailScanner-From: dns-operations-bounces@lists.oarci.net
> >The difference is its use of additional RR records. The request is for
> >some arbitrary sub domain like 12345.google.com, but your spoofed
> >response also includes the record for www.google.com
>
> Which is also decades old and well known. So at best, it's a 'new' attack
> that is a combination of 2 well-known/documented ones. Maybe I am somewhat
> disappointed because I expected a second coming/something truly novel
> (please note that I'm not discounting the seriousness of the issue, just
> commenting on its apparent novelty)
downplay this all you want, we can infect a name server in 11 seconds now,
which was never true before. i've been tracking this area since 1995. don't
try to tell me, or anybody, that dan's work isn't absolutely groundbreaking.
i am sick and bloody tired of hearing from the people who aren't impressed.
every time some blogger says "this isn't new", another five universities
and ten fortune 500 companies and three ISP's all decide not to patch.
that means we'll have to wait for them to be actively exploited before they
will understand the nature of the emergency.
perhaps dan's defcon talk will open some remaining eyes among those glued
shut by the pride and prejudice of the minds behind them. i am stunned,
absolutely stunned, that there was a ready-to-go blog posting sitting in
clear text on a network connected machine, written by tom ptacek who had
whined about how the hacker community needed to be in the loop, waiting for
the "publish" button to be hit "accidentally" by his wife. is this how the
community rewards dan for trying to buy us all some time to protect the
infrastructure? is this how the community plans to incentivize slow and
careful disclosure of the next big flaw?
we've exited another era in the disclosure debate, and not even dan knew it.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
dns-operations mailing list
dns-operations@lists.oarci.net
http://lists.oarci.net/mailman/listinfo/dns-operations
--=-=-=--
