This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] New on RIPE Labs: NXNSAttack: Upgrade Resolvers to Stop New Kind of Random Subdomain Attack

• Previous message (by thread): [dns-wg] New on RIPE Labs: NXNSAttack: Upgrade Resolvers to Stop New Kind of Random Subdomain Attack
• Next message (by thread): [dns-wg] New on RIPE Labs: NXNSAttack: Upgrade Resolvers to Stop New Kind of Random Subdomain Attack

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mukund Sivaraman muks at mukund.org
Wed May 20 22:29:37 CEST 2020

Hi Geoff

On Thu, May 21, 2020 at 05:49:43AM +1000, Geoff Huston wrote:
> This is not a “newly discovered vulnerability. This was presented at DNS OARC 21 by Florian Maury
> in 2015 https://indico.dns-oarc.net/event/21/contributions/301/attachments/272/492/slides.pdf,
> and also details the fixes applied to resolvers at the time.
> 
> As Florian also points out the generic vulnerability of unbounded work flows was identified by 
> Dr Paul Mockapetris in RFC1034 in 1987.

This one is along similar lines but different. This attack bypassed the
limits on recursion and indirection that were added by the previous one.

		Mukund

• Previous message (by thread): [dns-wg] New on RIPE Labs: NXNSAttack: Upgrade Resolvers to Stop New Kind of Random Subdomain Attack
• Next message (by thread): [dns-wg] New on RIPE Labs: NXNSAttack: Upgrade Resolvers to Stop New Kind of Random Subdomain Attack

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]