[147716] in North American Network Operators' Group
Re: what if...?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Dec 20 12:03:19 2011
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <20111220133723.cfjv8g999ssoc8gg@fcaglp.fcaglp.unlp.edu.ar>
Date: Tue, 20 Dec 2011 12:00:28 -0500
To: =?iso-8859-1?Q?=22Eduardo_A=2E_Su=E1rez=22?=
<esuarez@fcaglp.fcaglp.unlp.edu.ar>
Cc: NANOG Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 20, 2011, at 11:37 AM, Eduardo A. Su=E1rez wrote:
> Hi,
>=20
> what if evil guys hack my mom ISP DNS servers and use RPZ to redirect =
traffic from mom_bank.com to evil.com?
>=20
> How can she detect this?
Thankfully mom_bank.com is not valid, as underscores aren't valid in dns =
names :)
Additionally, SSL certificates combined with DNSSEC/DANE can provide =
some protection. Some of this technology may not be available today, =
but is worth tracking if you are interested in this topic.
- Jared=
