6 May
2005
6 May
'05
6:43 p.m.
On Sat, 7 May 2005, Kim Onnel wrote:
2) Getting Riverhead, which is a shame if they had it and it didnt save the day.
riverhead has its warts, one of the larger ones is in some assumptions made about DNS client behaviour :( from first-hand experience you have to be very cautious when sticking one in front of a dns server(s), I imagine the mix gets really fun when that server(s) are really boxes with massively large lists of auth domains... Either way, without first-hand info from the attackee it's going to be tough to sort out what was and wasn't the problem... I do think that someone is going to chat about tcp/53 filtering and possibly other things DNS and ATTACK at the NSP-SEC BoF at nanog 34. -Chris