
Details of the DNS flaw revealed

Posted Aug 13, 2008 18:16 UTC (Wed) by smoogen (subscriber, #97)
Parent article: Details of the DNS flaw revealed

Could someone explain why djbdns is not vulnerable to this attack (or so I have been told the entire scenario)? What does djbdns do so that "The key to DNS cache poisoning is that the first good answer wins."?



Details of the DNS flaw revealed

Posted Aug 13, 2008 18:25 UTC (Wed) by jake (editor, #205)

djbdns has always had source port randomization which is the technique used to alleviate the
current problem.  Few other DNS implementations used source port randomization, but those that
did were also not vulnerable to this attack.  Or perhaps not *as* vulnerable is a better way
to put it.  After the big patch last month, all of the major DNS implementations have roughly
the same level of vulnerability to this attack.

jake

Details of the DNS flaw revealed

Posted Aug 13, 2008 18:31 UTC (Wed) by njs (subscriber, #40338)

djbdns doesn't do anything magic, and the first good answer still wins; it's just that the patch everyone else had to apply -- to enable source port randomization, which makes it harder for an attacker to provide a "good answer" -- was already built in to djbdns.  Now that everyone's had to patch, djbdns is just as resistant (or not, see the end of the article) as everyone else.
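As an added illustration of the two replies above (example code written for this page, not anything from djbdns, BIND or the commenters): a toy resolver that accepts the first reply matching the outstanding question, transaction ID and UDP port, and an attacker that forges replies before the authoritative one arrives. With a fixed source port the attacker only has to guess the 16-bit ID; with a randomized port it has to guess the ID and the port together. The host names, the 1024..65535 port range, port 53 as the "fixed" port and the assumption that every forged packet lands before the real reply are all simplifications of this model.

```python
"""
Model of "the first good answer wins" and what source-port randomization
changes about it. Simplified: the attacker always wins the timing race, so
the only question is whether one of its forged replies matches the pending
query. Not djbdns/BIND code.
"""
import random
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple

TXID_SPACE = 1 << 16                 # DNS transaction ID is 16 bits
PORT_LOW = 1024                      # assumption: resolver draws ports from 1024..65535
PORT_SPACE = (1 << 16) - PORT_LOW
FIXED_PORT = 53                      # assumption: the pre-patch fixed source port


@dataclass(frozen=True)
class PendingQuery:
    qname: str
    txid: int
    src_port: int                    # UDP port the query left from; replies must return to it


class Resolver:
    """Minimal caching resolver: one outstanding query per name, first match wins."""

    def __init__(self, randomize_port: bool, seed: int = 0) -> None:
        self.randomize_port = randomize_port
        self.rng = random.Random(seed)
        self.cache: Dict[str, str] = {}
        self.pending: Dict[str, PendingQuery] = {}

    def send_query(self, qname: str) -> PendingQuery:
        txid = self.rng.randrange(TXID_SPACE)
        port = PORT_LOW + self.rng.randrange(PORT_SPACE) if self.randomize_port else FIXED_PORT
        query = PendingQuery(qname, txid, port)
        self.pending[qname] = query
        return query

    def receive(self, qname: str, txid: int, dst_port: int, answer: str) -> bool:
        """Accept a reply only if it matches the pending query; return True if cached."""
        query = self.pending.get(qname)
        if query is None:
            return False             # nothing outstanding (or already answered): dropped
        if txid != query.txid or dst_port != query.src_port:
            return False             # wrong ID or wrong port: dropped
        self.cache[qname] = answer
        del self.pending[qname]      # first good answer wins; later replies are ignored
        return True


def attacker_guesses(randomize_port: bool, count: int, rng: random.Random) -> Set[Tuple[int, int]]:
    """Distinct (txid, port) pairs the attacker forges for one query."""
    ports = range(PORT_LOW, 1 << 16) if randomize_port else range(FIXED_PORT, FIXED_PORT + 1)
    space = TXID_SPACE * len(ports)
    picks = rng.sample(range(space), min(count, space))
    return {(i % TXID_SPACE, ports[i // TXID_SPACE]) for i in picks}


def race(resolver: Resolver, qname: str, guesses: Iterable[Tuple[int, int]],
         bogus: str = "203.0.113.66", real: str = "192.0.2.1") -> bool:
    """One query: forged replies arrive first, then the authoritative one. True if poisoned."""
    query = resolver.send_query(qname)
    for txid, port in guesses:
        if resolver.receive(qname, txid, port, bogus):
            break
    resolver.receive(qname, query.txid, query.src_port, real)  # too late if already poisoned
    return resolver.cache[qname] == bogus


def poison_probability(randomize_port: bool, forged_per_query: int) -> float:
    """Analytic chance that one query is poisoned by `forged_per_query` distinct guesses."""
    space = TXID_SPACE * (PORT_SPACE if randomize_port else 1)
    return min(1.0, forged_per_query / space)


def campaign(randomize_port: bool, forged_per_query: int, races: int, seed: int = 0) -> float:
    """Kaminsky-style: a fresh random name per query, so there is no TTL to wait out."""
    resolver = Resolver(randomize_port, seed)
    attacker = random.Random(seed + 1)
    poisoned = 0
    for _ in range(races):
        qname = f"{attacker.getrandbits(32):08x}.example.com"   # constructed victim name
        if race(resolver, qname, attacker_guesses(randomize_port, forged_per_query, attacker)):
            poisoned += 1
    return poisoned / races


if __name__ == "__main__":
    for forged in (256, 4096, 1 << 16):
        print(f"{forged:6d} forged/query: fixed port p={poison_probability(False, forged):.6f}"
              f"  random port p={poison_probability(True, forged):.2e}")
    print("fixed port, 65536 forged per query, 3 races:", campaign(False, 1 << 16, 3))
```

The analytic line is the point: 65536 forged packets per query poison a fixed-port resolver with certainty, while against a randomized port the same effort gives roughly a 1-in-64512 chance per race, which is why everyone's patch was "just" to pick a random port.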

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds