[72393] in North American Network Operators' Group
Re: VeriSign's rapid DNS updates in .com/.net
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Jul 9 17:06:08 2004
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: Deepak Jain <deepak@ai.net>, nanog@merit.edu
In-Reply-To: Your message of "Fri, 09 Jul 2004 20:37:18 -0000."
<Pine.GSO.4.58.0407092036560.12790@sharpie.argfrp.us.uu.net>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 09 Jul 2004 17:05:27 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_165784652P
Content-Type: text/plain; charset=us-ascii
On Fri, 09 Jul 2004 20:37:18 -0000, "Christopher L. Morrow" said:
> all still dependent on the 'its hijackable' to begin with, right? So what
> changed really?
"Hmm... that phone call 2 hours ago sounded fishy.. I better re-double-check"
Working scam for 1 hour 50 minutes with 5 minute updates, good chance
of being stopped before deployment with 12 hour updates.
Yes, on the flip side, the hijacking is *stopped* sooner - but for many
classes of attacks that involve control of a nameserver, a few minutes
can be enough....
--==_Exmh_165784652P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFA7wiXcC3lWbTT17ARAm0nAKC+02T2qU2cNo5hF7XIJo0rDHjbeQCcC+Hn
HNbtIahlx4R1zOwypiMuQlQ=
=eIv5
-----END PGP SIGNATURE-----
--==_Exmh_165784652P--