[MLB-WIRELESS] DNS and Locfinder
Andrew Griffiths
andrewg at d2.net.au
Thu Nov 28 16:24:19 EST 2002
evilbunny wrote:
> Hello Andrew,
>
> Erm internal DNS poisoning, i.e. no authoritative root servers or? Though
> I don't see this as much of a problem than something like route
> poisoning...
>
Route poisoning is easier to deal with, such as authentication between
two/more peers (hmmm, I think replay attacks are a problem though, it's
been a while since I played with various protocols in respect to that),
striking out route updates, (e.g. an interior router saying it's got routes
for another area when you know it can't have.). *shrug* preferably
though, imo we should be aiming to have a focus on making things more
secure than currently what we've got with the internet.
Whereas DNS poisoning has no particular safeguards/things to help
prevent problems (that I'm aware of.)
http://cr.yp.to/djbdns/forgery.html - although to quote "DNSSEC---for
example, BIND 9's RFC 2535 implementation---has been falsely advertised
for years as a software feature that you can install to protect your
computer against DNS forgeries. In fact, installing DNSSEC does nothing
to protect you, and it will continue to do nothing for the foreseeable
future.", can be avoided by having our own (internal?) infrastructure to
support it. However, it appears the protocol is changing constantly, so
it may not be feasible/possible for us to do it.
(Yes, people can still cause problems if they compromise one of the boxes.)
Sincerely,
Andrew Griffiths