| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 26 Jul 2008 20:34:36 +0100 From: imipak <imipak@...il.com> To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk> Subject: Re: DNS spoofing issue. Thoughts on Hi Paul, >> The attack isn't "impossible", it's more like "1% chance *per hour* that >> your IDS doesn't notice and stop the attempts". Big difference... >> > >The information that I have says it's statistically impossible *if* >you are patched. > It's not statistically impossible; it just takes 2^16 times longer. And as Joe Greco observed on NANOG: > But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is > not a significant jump from the PoV of an attacker would certainly have > factored into my decision-making process. http://readlist.com/lists/trapdoor.merit.edu/nanog/7/37358.html IDS of various flavours (from the straightforward cache-monitoring script posted yesterday, to Snort or the latest "Enterprise Intrusion Prevention solution" changes the odds somewhat, but this is what is meant when people say DNSSEC is the only solution (on the table today, anyway) to the fundamental problem. =i -- make way for history flickering like a long-lost memory _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists