Re: DNS Cache poisoning and pdnsd

To: debian-security@lists.debian.org, madcoder@debian.org
Subject: Re: DNS Cache poisoning and pdnsd
From: Kapil Hari Paranjape <kapil@imsc.res.in>
Date: Thu, 24 Jul 2008 09:32:57 +0530
Message-id: <20080724040257.GA19861@imsc.res.in>
In-reply-to: <87hcay28js.fsf@mid.deneb.enyo.de> <20080709172917.GD13133@artemis.madism.org> <20080709094421.GA8180@imsc.res.in>
References: <20080709094421.GA8180@imsc.res.in> <20080709172917.GD13133@artemis.madism.org> <87hcay28js.fsf@mid.deneb.enyo.de> <20080709094421.GA8180@imsc.res.in> <20080709172917.GD13133@artemis.madism.org> <20080709094421.GA8180@imsc.res.in>

Hello,

On Wed, 09 Jul 2008, Kapil Hari Paranjape wrote:
> The Debian advisory does not mention the status of "pdnsd" w.r.t the
> DNS cache poisoning problem. A quick check seems to suggest that
> "pdnsd" also randomises the source port while sending out a query.

According to the following URL Dan Kaminsky's cat's whiskers may already
be out of the bag[*] and source port randomisation may not be enough.

http://addxorrol.blogspot.com/2008/07/on-dans-request-for-no-speculation.html

Regards,

Kapil.

[*] Sorry for the sub-metaphor --- I liked it so I added it.
--

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: DNS Cache poisoning and pdnsd
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- DNS Cache poisoning and pdnsd
  - From: Kapil Hari Paranjape <kapil@imsc.res.in>
- Re: DNS Cache poisoning and pdnsd
  - From: Pierre Habouzit <madcoder@debian.org>
- Re: DNS Cache poisoning and pdnsd
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: [SECURITY] [DSA 1615-1] New xulrunner packages fix several vulnerabilities
Next by Date: Re: [SECURITY] [DSA 1616-1] new clamav packages fix denial of service
Previous by thread: Re: DNS Cache poisoning and pdnsd
Next by thread: Re: DNS Cache poisoning and pdnsd
Index(es):
- Date
- Thread