| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4ef5fec60807131804t1204df2fh448c5988bdb785c@mail.gmail.com> Date: Sun, 13 Jul 2008 18:04:12 -0700 From: coderman <coderman@...il.com> To: "eugaaa@...il.com" <eugaaa@...il.com> Cc: full-disclosure@...ts.grok.org.uk, Paul Schmehl <pschmehl_lists_nada@...rr.com> Subject: Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) On Sun, Jul 13, 2008 at 5:26 PM, eugaaa@...il.com <eugaaa@...il.com> wrote: > What you wrote... please note that is not my post on that site; i merely link to it. thanks. > Why flood with dest unreachables when your goal is to answer before > the nameserver? if the nameserver is "down", you no longer need to race against it. > Meaning it is a remote timing based attack... sure. the bigger question is how large the temporal window of opportunity. if you have a large window, practical attacks become widely possible. a small niche and you're dealing with mostly theoretical impact. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists