
Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

* Hideki Yamane:

> On Sun, 10 Aug 2008 22:11:05 +0200
> Florian Weimer <fw@deneb.enyo.de> wrote:
>> The 2.6.24
>> kernel available since the last etch point release offers some
>> protection as well.
>  Umm? This is NEW information for me. Could you give me any
>  references?

It adds a weak form of source port randomization.  I fear it's not good
enough, but it's better than nothing.

>  And do you know this article?
>  http://technorati.com/posts/MqY%2Bc19oV42Zc0fXp5GQZC1UJxLVsVOhxhlxAxXB6S8%3D
>  If it's true, ... it's fear.

10 hours matches theoretical predictions for 200 Mbps attacks, so this
isn't really surprising.

>  #OT
>  BTW, in Japan, there are a lot of wireless Access Points (in cafes, McDonald's
>  or so) and many many people (Windows, Mac and a few Linux and *BSD users ;)
>  use such wireless APs and unpatched name servers provided by dhcpd...
>  oh no ;(

On shared media networks, there are often better attacks than blind
spoofing. 8-(
