Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
* Hideki Yamane:
> On Sun, 10 Aug 2008 22:11:05 +0200
> Florian Weimer <firstname.lastname@example.org> wrote:
>> The 2.6.24
>> kernel available since the last etch point release offers some
>> protection as well.
> Umm? This is NEW information for me. Could you give me any
It adds a weak form of source port randomization. I fear it's not good
enough, but it's better than nothing.
> And do you know this article?
> If it's true, ... it's fear.
10 hours matches theoretical predictions for 200 Mbps attacks, so this
isn't really surprising.
> BTW, in Japan, there are a lot of wireless Access Point (in Cafe, McDonalds
> or so) and many many people (Windows, Mac and a few Linux and *BSD users ;)
> use such wireless AP and unpatched name servers provided by dhcpd...
> oh no ;(
On shared media networks, there are often better attacks than blind