Re: DNS security and spoofing (Re: [cobalt-security] Anyone else get this error?)
- Subject: Re: DNS security and spoofing (Re: [cobalt-security] Anyone else get this error?)
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Mon, 30 Dec 2002 17:03:01 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
EC> Date: 30 Dec 2002 19:39:20 +0300
EC> From: Eugene Crosser

EC> Not really. That part of my the script only runs once, and

Doing a "dig +norec @xxx . ns" sends UDP-based DNS query 0002.
Looking up an IP address sends UDP-based DNS query 0001. If the
DNS query IDs generated by each method are comparable, the safety
of each is comparable.

EC> can be omitted altogether. Instead, you can (and probably
EC> should) download the key by hand and check the fingerprint
EC> offline (e.g. call friends).

Likewise, one could have a centrally-distributed copy of the
hints file.

Perhaps one should automate downloading the new hints file, let
a script/program compare them, then send a message if material
changes are detected. An admin can verify the contents manually,
then commit the changes. Distribute to other nameservers via a
trustworthy protocol, thus minimizing duplicate effort.

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
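
The compare-and-alert step suggested in the message above, sketched as an added example that is not part of the original post or of any Cobalt or BIND tooling. The function names are hypothetical and the sample hints data is constructed, using documentation-range addresses. Downloading the candidate file and mailing the report are left out, and the code assumes every record line carries an explicit owner name.

```python
def parse_hints(text):
    """Return the set of (owner, type, rdata) records in a hints file.

    Comments, TTLs, the IN class, letter case and spacing are ignored,
    so only material changes (names, addresses) show up in a comparison.
    """
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 3:
            continue  # blank or comment-only line
        owner, rest = fields[0].lower(), fields[1:]
        # Skip the optional TTL and class columns.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2:
            continue  # no type/rdata pair left: not a record
        records.add((owner, rest[0].upper(), " ".join(rest[1:]).lower()))
    return records


def material_changes(trusted_text, candidate_text):
    """Return (added, removed) records, each as a sorted list."""
    old, new = parse_hints(trusted_text), parse_hints(candidate_text)
    return sorted(new - old), sorted(old - new)


def report(trusted_text, candidate_text):
    """Build the message for the admin, or None if nothing material changed."""
    added, removed = material_changes(trusted_text, candidate_text)
    if not added and not removed:
        return None
    lines = ["Root hints changed; verify manually before committing:"]
    lines += ["  - " + " ".join(r) for r in removed]
    lines += ["  + " + " ".join(r) for r in added]
    return "\n".join(lines)


# Constructed sample data, not a real hints file.
TRUSTED = """\
; constructed sample
.                        3600000  IN  NS  A.ROOT-SERVERS.EXAMPLE.
A.ROOT-SERVERS.EXAMPLE.  3600000      A   192.0.2.1
"""
COSMETIC = ("; new header, new TTLs\n. 518400 NS a.root-servers.example.\n"
            "a.root-servers.example. 518400 IN A 192.0.2.1\n")
CHANGED = COSMETIC.replace("192.0.2.1", "198.51.100.7")

if __name__ == "__main__":
    print(report(TRUSTED, COSMETIC), report(TRUSTED, CHANGED), sep="\n")
```

A candidate that differs only in comments, TTLs or case produces no report, while a changed address is listed as one removal and one addition for the admin to verify before the file is committed and distributed.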