--On Saturday, July 26, 2008 12:58 AM -0400 [EMAIL PROTECTED] wrote:
On Fri, 25 Jul 2008 23:16:18 CDT, Paul Schmehl said:Just apply the Microsoft patches and you'll be fine. The patches make the attack essentially impossible.Paul, don't make me take you out back and smack you around. :) First off - SBC probably doesn't run Windows on the server(s) that they do the external for RandallMan's site, so the Microsoft patches are going to do squat-all for that side of the problem. And RandallMan most certainly *DOES* need to worry about SBC getting patched - that's the *biggest* threat now, is mass poisoning of an ISP's DNS servers affecting *all* their customers.
Well, I *did* think about pointing that SBC isn't patched, but I thought he probably knew that already since he's clearly aware of the problem.
Paul Vixie already pointed out that on an unpatched system, the DNS can get poisoned in about 11 seconds. And we *also* know that by iteratively trying new bogus names, the attacker can keep trying over and over till it works or they get bored. And all the current patches do is make it *harder* to hit. The attack isn't "impossible", it's more like "1% chance *per hour* that your IDS doesn't notice and stop the attempts". Big difference...
The information that I have says it's statistically impossible *if* you are patched.
Paul Schmehl As if it wasn't already obvious, my opinions are my own and not those of my employer.
p7sbhhYoPRY7r.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
