On 1 Aug 2008, at 01:54, Andrew Sullivan wrote:

> [no hat]
> On Thu, Jul 31, 2008 at 08:47:12PM +0200, Patrik Wallstrom wrote:
>> John Dickinson demonstrated on the dnsext wg meeting today that you can
>> spoof a local DNS resolver in 95ms. The resolver had a fixed source
>> port.

> I understood from his remarks, also, that John hadn't seen anything
> except what had leaked.

That is correct. I read what was in a cache of the leaked blog post
and I did see the Metasploit code that was linked to on this list.
However, this work is completely new code. I wrote it from scratch to
make sure I fully understood the seriousness of the attack that was
being suggested. Now I do! I hope this dispels any remaining myths
about the need to deploy patches and DNSSEC.

As the people in the room will have seen, the time taken to succeed
varies and 95ms was one of the better efforts. My suspicion is that
there are a variety of ways to optimize this and I hope to do further
work on that. However, I will not publish any details until after Aug

Several people have asked if they can get a copy of the code -
While I am happy to do demos, I hope they will understand that this is
not something that I want to release.

