[11426] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: how to protect name servers against cache corruption

daemon@ATHENA.MIT.EDU (Paul A Vixie)
Tue Jul 29 22:48:43 1997

To: nanog@merit.edu
In-reply-to: Your message of "Tue, 29 Jul 1997 21:24:04 CDT."
             <199707300224.VAA01839@enteract.com> 
Date: Tue, 29 Jul 1997 19:30:04 -0700
From: Paul A Vixie <vixie@vix.com>

> To reiterate: BIND 8.1.1 is not immune to all the variants of the attack
> used by the Alternic,

False.  The attacks which remain are not variants of the bug exploited by
AlterNIC, which was a program bug rather than a protocol misfeature.

>                     and there are very real security problems that remain
> (and will continue to remain) until the implementation of DNSSEC
> (according to Mr. Vixie).

True.

> As this thread is now rapidly losing it's operations context (as well as
> it's informative value), I'd suggest we now move towards killing it.

As soon as messages containing misstatements like the one above stop 
appearing, I for one will be happy to return to lurk status.



home help back first fref pref prev next nref lref last post