rmeyer@mhsc.COM (Roeland M.J. Meyer) writes:
That's not what Paul said.
Randy Bush writes: this is false and specious garbage
Both statements are true. You can hijack domain names and insert bogus data in caches without hacking any root servers. It is much easier to just e-mail a domain modify template to NSI, and insert some bogus IP addresses for certain names. Similar to what happened to AOL last year (actually it appears to be a glue issue on some NS records). I haven't seen NSI official statements myself, only the news reports. But there is no evidence any of the independently operated root-name servers were hacked. If any systems were hacked, they were NSI's registration process. I think some people are getting too wrapped up in some really exotic attacks on DNS, when the simple ones still work. Maybe BEFORE-UPDATE will get finished now. -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Affiliation given for identification not representation
Maybe BEFORE-UPDATE will get finished now.
would not have helped in this one. the best (i have thought of so far) prevention of repition will be perceived as rather nasty, as it will require a bit more work, namely getting your hst done first, when you want to add a new tld nameserver to the world or sld nameserver to the gtlds. but i think it should be done. after today, i would guess more folk might think it should be done. :-) randy
rmeyer@mhsc.COM (Roeland M.J. Meyer) writes:
That's not what Paul said.
Randy Bush writes: this is false and specious garbage
Both statements are true. You can hijack domain names and insert bogus data in caches without hacking any root servers. It is much easier to just e-mail a domain modify template to NSI, and insert some bogus IP addresses for certain names. Similar to what happened to AOL last year (actually it appears to be a glue issue on some NS records).
I think some people are getting too wrapped up in some really exotic attacks on DNS, when the simple ones still work.
Who was it that said, "never attribute to malice..." While the clever pranks/attacks are interesting and potentially very disruptive, simple mistakes and social manipulation can/do cause lots of highly visable impact. Somewhat akin to tossing a lighted match into a powder keg. I hope these "fireworks" prove to be a dud and that our respective holidays are safe, quiet, and productive. --bill
participants (3)
-
bmanning@vacation.karoshi.com
-
Randy Bush
-
Sean Donelan