lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 4 Nov 2003 10:35:21 -0800 (PST)
To: (Helen England \[SAI\])
Subject: Re: New DNS Security Paper

> Hi
> DNS is the most widely used protocol on the Internet yet many security
> professionals do not have a full understanding of the many weaknesses
> which surround it which are needed for Penetration Testing and day to
> day security. 
> We have released a paper on DNS security taken from our
> DefensiveDeployment course within which we highlight basic and advanced
> DNS attacks. Please download from the below link. 
> Helen England ESA
> DefensiveHacking | DefensiveDeployment | DefensiveForensics comes to UK
> and Saudi Arabia
> Expert Security Associate (ESA)

	You might have considered looking at the following document,
	as it properly describes the true threat model to the DNS
	as it currently stands.

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS Extensions Working Group of the IETF.

        Title           : Threat Analysis Of The Domain Name System
        Author(s)       : D. Atkins, R. Austein
        Filename        : draft-ietf-dnsext-dns-threats-04.txt
        Pages           : 15
        Date            : 2003-10-27

Although the DNS Security Extensions (DNSSEC) have been under
development for most of the last decade, the IETF has never written
down the specific set of threats against which DNSSEC is designed to
protect.  Among other drawbacks, this cart-before-the-horse situation
has made it difficult to determine whether DNSSEC meets its design
goals, since its design goals are not well specified.  This note
attempts to document some of the known threats to the DNS, and, in
doing so, attempts to measure to what extent (if any) DNSSEC is a
useful tool in defending against these threats.

A URL for this Internet-Draft is:

--bill manning

Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
and use priority code SF4.

Powered by blists - more mailing lists