[78970] in North American Network Operators' Group

Re: DNS cache poisoning attacks -- are they real?

daemon@ATHENA.MIT.EDU (Randy Bush)
Sun Mar 27 12:03:29 2005

From: Randy Bush <randy@psg.com>
Date: Sun, 27 Mar 2005 09:02:06 -0800
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
Errors-To: owner-nanog@merit.edu


>> On the other hand, there are a lot of reasons why a DNS operator may
>> return different answers to their own users of their resolvers.  Reverse
>> proxy caching is very common. Just about all WiFi folks use cripple
>> DNS as part of their log on. Or my favorite, quarantining infected
>> computers to get the attention of their owners.

sean, solving a layer two problem (mac address) at layer four will bite
you in the long run.

> Thank $DEITY for large ISPs running open resolvers on fat pipes ..
> those do come in quite handy in a resolv.conf sometimes, when I run
> into this sort of behavior.

problem is many walled garden providers, e.g. t-mo, block 53.

randy

