[MLB-WIRELESS] DNS and Locfinder

Andrew Griffiths andrewg at d2.net.au
Thu Nov 28 16:24:19 EST 2002


evilbunny wrote:
> Hello Andrew,
> 
> Erm internal DNS poisoning, i.e. no authoritative root servers or? Though
> I don't see this as much of a problem than something like route
> poisoning...
> 

Route poisoning is easier to deal with, such as authentication between
two/more peers (hmmm, I think replay attacks are a problem though, it's
been a while since I played with various protocols in respect to that),
striking out route updates (e.g. an interior router saying it's got routes
for another area when you know it can't have). *shrug* Preferably
though, imo we should be aiming to have a focus on making things more
secure than currently what we've got with the internet.

Whereas DNS poisoning has no particular safeguards/things to help
prevent problems (that I'm aware of).
http://cr.yp.to/djbdns/forgery.html - although to quote "DNSSEC---for 
example, BIND 9's RFC 2535 implementation---has been falsely advertised 
for years as a software feature that you can install to protect your 
computer against DNS forgeries. In fact, installing DNSSEC does nothing 
to protect you, and it will continue to do nothing for the foreseeable 
future.", can be avoided by having our own (internal?) infrastructure to 
support it. However, it appears the protocol is changing constantly, so 
it may not be feasible/possible for us to do it.

(Yes, people can still cause problems if they compromise one of the boxes.)


Sincerely,
Andrew Griffiths


