
Re: DNS-spoofing




On 1 Aug 2008, at 01:54, Andrew Sullivan wrote:

[no hat]

On Thu, Jul 31, 2008 at 08:47:12PM +0200, Patrik Wallstrom wrote:
John Dickinson demonstrated on the dnsext wg meeting today that you can spoof a local DNS resolver in 95ms. The resolver had a fixed source port.

I understood from his remarks, also, that John hadn't seen anything
except what had leaked.

That is correct. I read what was in a cache of the leaked blog post and I did see the metasploit code that was linked to on this list. However, this work is completely new code. I wrote it from scratch to make sure I fully understood the seriousness of the attack that was being suggested. Now I do! I hope this dispels any remaining myths about the need to deploy patches and DNSSEC.

As the people in the room will have seen, the time taken to succeed varies and 95ms was one of the better efforts. My suspicion is that there are a variety of ways to optimize this and I hope to do further work on that. However, I will not publish any details until after Aug 6th.

Several people have asked if they can get a copy of the code. While I am happy to do demos, I hope they will understand that this is not something that I want to release.

John
