Re: [Full-disclosure] DNS spoofing issue. Thoughts on

--On Saturday, July 26, 2008 8:34 PM +0100 imipak <imipak@gmail.com> wrote:
> > > The attack isn't "impossible", it's more like "1% chance *per hour* that
> > > your IDS doesn't notice and stop the attempts".  Big difference...
> >
> > The information that I have says it's statistically impossible *if*
> > you are patched.
>
> It's not statistically impossible; it just takes 2^16 times longer.
> And as Joe Greco observed on NANOG:
>
> > But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is
> > not a significant jump from the PoV of an attacker would certainly have
> > factored into my decision-making process.

How shall I put this?  If you don't notice a dns cache poisoning attack for 
8.21 days, you *deserve* to have your cache poisoned.  (Not that anyone 
ever deserves to be hacked, but there *is* such a thing as criminal 
negligence.)

Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.

p7sRQoX2b6Yfy.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/