-----Original Message----- From: Dan York <[email protected]> Date: Wednesday, September 4, 2013 11:03 AM To: Ondřej Surý <[email protected]>, DNS Operations <[email protected]> Subject: Re: [dns-operations] DNS Attack over UDP fragmentation
>Ondrej, > >On 9/4/13 9:08 AM, "Ondřej Surý" <[email protected]> wrote: > >>We gave it some thoughts here at CZ.NIC Labs and we think that the threat >>is real and we are now trying to write a PoC code to prove the >>theoretical concept. >> >>So what are the views of other people on this list? > >I attended the SAAG session, listened to the presentation and read through >the materials with great interest. I left, though, not really sure I could >understand how real of a threat this is in actual deployments. I would >certainly welcome PoC code that could help shed light on the severity of >the issue. Interesting indeed. In reality, everyone should be thinking hard about remediation at all levels right now (protocol enhancements are great, but take time you won't have once a PoC exists). If the vector has been described, it's safe to assume people with more time and money are already working on the PoC, and won't be sharing it. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
