North American Network Operators Group
Re: DNS cache poisoning attacks -- are they real?
On Sat, 26 Mar 2005, Joe Abley wrote:

> On 26 March 2005, at 17:52, Sean Donelan wrote:
>
> > You forgot the most important requirement, you have to be using
> > insecure, unpatched DNS code (old versions of BIND, old versions of
> > Windows, etc). If you use modern DNS code which only follows
> > trustworthy pointers from the root down, you won't get hooked by
> > this.
>
> The obvious rejoinder to this is that there are no trustworthy pointers
> from the root down (and no way to tell if the root you are talking to
> contains genuine data) unless all the zones from the root down are
> signed with signatures you can verify and there's a chain of trust to
> accompany each delegation.
>
> If you don't have cryptographic signatures in the mix somewhere, it all
> boils down to trusting IP addresses.

where was www.makelovenotspam.com re-pointed to and 'hacked' again?? I forget... 'trust of the ip address' :(
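
The chain of trust described in the quoted text is what DNSSEC provides: each parent zone publishes a DS digest of its child's key, starting from a locally configured trust anchor. As an added example (not part of the original thread), this Python code checks only that DS-to-DNSKEY link from the root down and reports where the chain stops; the zone names and keys are constructed, and RRSIG signature verification is omitted.

```python
import hashlib
import struct

def wire_name(name):
    """Canonical wire format: lower-cased, length-prefixed labels, root byte."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def dnskey_rdata(public_key, flags=257, protocol=3, algorithm=13):
    """DNSKEY RDATA: flags, protocol, algorithm, then the raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def ds_digest(owner, rdata):
    """DS digest type 2 (RFC 4509): SHA-256 over owner name + DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def walk_chain(trust_anchor, delegations):
    """delegations: root-down list of (zone, DNSKEY RDATA the zone's servers
    returned, DS digest its parent publishes or None). The root is checked
    against the local trust anchor. RRSIG verification is out of scope here."""
    expected = trust_anchor
    for zone, served_key, ds_in_parent in delegations:
        if zone != ".":
            expected = ds_in_parent
        if expected is None:
            return ("insecure", zone)  # unsigned delegation: trust rests on IP addresses
        if ds_digest(zone, served_key) != expected:
            return ("bogus", zone)     # served key is not the one the parent vouched for
    return ("secure", None)

# Constructed sample keys (not real zone keys).
ROOT_KEY = dnskey_rdata(b"constructed-root-key")
COM_KEY = dnskey_rdata(b"constructed-com-key")
SITE_KEY = dnskey_rdata(b"constructed-example-key")
FAKE_KEY = dnskey_rdata(b"constructed-substituted-key")
ANCHOR = ds_digest(".", ROOT_KEY)

def chain(site_key=SITE_KEY, site_ds=ds_digest("example.com", SITE_KEY)):
    """Constructed root -> com -> example.com delegation path."""
    return [(".", ROOT_KEY, None),
            ("com", COM_KEY, ds_digest("com", COM_KEY)),
            ("example.com", site_key, site_ds)]

if __name__ == "__main__":
    print(walk_chain(ANCHOR, chain()))                   # every link vouched for
    print(walk_chain(ANCHOR, chain(site_ds=None)))       # no DS for example.com
    print(walk_chain(ANCHOR, chain(site_key=FAKE_KEY)))  # substituted key served
```
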