On Aug 22, 2008, at 11:37 AM, Nicholas Weaver wrote:
> An Aware, Transparent attacker (eg, a typical packet injector) you CAN
> detect by looking for mismatched responses: where you get two
> responses to the same query but with different values. You can also
> MITIGATE such attack's damage to the cache, and NOTIFY the end client.

This only works if the attacker follows the rules. If the attacker
jams the 802.11g network during the time when the response is
expected, you'll see a short stutter in the network, and probably not
notice it. And since the jamming happened at the link layer, it will
just look to the resolver like no packets arrived except the
attacker's packets.

I suspect that producing a jammer that could be finely controlled in
this way would be about a day's work for a knowledgeable
practitioner. My point being that this is not at all an expensive
attack. It's something I could do on the IETF meeting network and
probably completely escape notice.
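As an added illustration (not part of the thread, and not code from either author), the following Python sketch implements the resolver-side check Weaver describes: keep every response seen for an outstanding query and flag a mismatch when two of them carry different answers. The second scenario shows the point of the reply: when the legitimate response never reaches the resolver, there is only one response per query and the comparison has nothing to work with. The transaction ID, names and addresses are constructed for the example; the "src" label is purely descriptive and is not something a resolver would actually know.

```python
"""Constructed example: correlating DNS responses per outstanding query.

Not the thread's own code. Shows (1) the mismatch detection that works
against an injector whose forged answer arrives alongside the real one, and
(2) why the same check is silent when only one response ever arrives.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

QueryKey = Tuple[int, str, str]  # (transaction id, lowercase qname, qtype)


@dataclass(frozen=True)
class DnsResponse:
    txid: int
    qname: str
    qtype: str
    answers: Tuple[str, ...]  # RDATA strings; compared as an unordered set
    src: str                  # descriptive label for the example only


@dataclass
class ResponseCorrelator:
    """Keeps every response seen for a query and reports disagreements."""
    seen: Dict[QueryKey, List[DnsResponse]] = field(default_factory=dict)
    events: List[str] = field(default_factory=list)

    def observe(self, resp: DnsResponse) -> Optional[str]:
        """Record a response; return a mismatch event if it disagrees with an earlier one."""
        key: QueryKey = (resp.txid, resp.qname.lower(), resp.qtype)
        prior = self.seen.setdefault(key, [])
        verdict = None
        for earlier in prior:
            if set(earlier.answers) != set(resp.answers):
                verdict = (f"MISMATCH {resp.qname}/{resp.qtype} txid={resp.txid:#06x}: "
                           f"{sorted(earlier.answers)} vs {sorted(resp.answers)}")
                break
        prior.append(resp)
        if verdict:
            self.events.append(verdict)
        return verdict

    def cacheable(self, key: QueryKey) -> Optional[Tuple[str, ...]]:
        """Mitigation step: only admit an answer to the cache when all responses agree."""
        responses = self.seen.get(key, [])
        if not responses:
            return None
        answer_sets = {frozenset(r.answers) for r in responses}
        if len(answer_sets) != 1:
            return None  # conflicting answers: refuse to cache, client gets notified via events
        return responses[0].answers


# Constructed sample traffic (RFC 5737 documentation addresses).
TXID = 0x1A2B
FORGED = DnsResponse(TXID, "www.example.com", "A", ("198.51.100.7",), "forged")
REAL = DnsResponse(TXID, "www.example.com", "A", ("192.0.2.10",), "authoritative")
KEY: QueryKey = (TXID, "www.example.com", "A")


def injector_scenario() -> ResponseCorrelator:
    """Aware, transparent injector: the forged answer races the real one and both arrive."""
    c = ResponseCorrelator()
    c.observe(FORGED)
    c.observe(REAL)
    return c


def jammed_scenario() -> ResponseCorrelator:
    """Legitimate response lost below the resolver: only the forged answer is ever seen."""
    c = ResponseCorrelator()
    c.observe(FORGED)
    return c


if __name__ == "__main__":
    a = injector_scenario()
    print("injector:", a.events, "cacheable:", a.cacheable(KEY))
    b = jammed_scenario()
    print("jammed:  ", b.events, "cacheable:", b.cacheable(KEY))
```

In the first run the correlator logs one mismatch and refuses to cache; in the second it logs nothing and happily caches the only answer it saw, which is exactly the gap the reply is pointing at.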

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.