Message-ID: <226B2B6F6A414C41ACC29C03@[192.168.2.101]>
Date: Sat, 26 Jul 2008 17:10:58 -0500
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: DNS spoofing issue. Thoughts on

--On Saturday, July 26, 2008 8:34 PM +0100 imipak <imipak@...il.com> wrote:
>
>>> The attack isn't "impossible", it's more like "1% chance *per hour* that
>>> your IDS doesn't notice and stop the attempts". Big difference...
>>>
>>
>> The information that I have says it's statistically impossible *if*
>> you are patched.
>>
>
> It's not statistically impossible; it just takes 2^16 times longer.
> And as Joe Greco observed on NANOG:
>
>> But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is
>> not a significant jump from the PoV of an attacker would certainly have
>> factored into my decision-making process.
>
How shall I put this? If you don't notice a DNS cache poisoning attack for
8.21 days, you *deserve* to have your cache poisoned. (Not that anyone
ever deserves to be hacked, but there *is* such a thing as criminal
negligence.)

Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/