[nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
Gert Doering
gert at greenie.muc.de
Wed Jul 9 06:13:45 EDT 2008
Hi,
On Wed, Jul 09, 2008 at 11:09:47AM +0200, Florian Weimer wrote:
> that ISPs and large enterprises actually implement the patches.
> However, that's my personal opinion--I've talked to about a dozen
> people about this bug, and there were only two (three including me)
> who thought that we could avoid major outages/problems. The optimists
> (realists?) are clearly in the minority.
What would a "major outage" be?
(Maybe I'm not creative enough today, but even a successful DNS poisioning
attack will effectively only hit a few end users - unless a major ISP
neglected to upgrade their DNS infrastructure, but even then, it's only
localized to a few domains)
Of course I'm a good citizen and have already upgraded our infrastructure
(and happily discovered that the move "use different products" achieved
"main recursive resolver is using powerdns, which is not affected") :-)
gert
--
Gert Doering
SpaceNet AG, AS 5539, gert at space.net. PGP-KeyID: 0x65514975
Also reachable via gert at greenie.muc.de and gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20080709/3b072032/attachment-0001.sig>
More information about the nsp-security
mailing list