HAR: DNSSEC restoring trust in DNS by Roland van Rijswijk
August 15th, 2009
No comments
Links from the HAR2009 site: Talk description and Slides.
Roland started off by explaining the basics of DNS Cache poisoning and the details of the trick discovered by Dan Kaminski last year. Explaining why you don’t have to wait for the answer to expire to in order to poison the cache.
Quite a bit of the patching done after the Kaminski attack became public is actually been undone by NAT-ing firewalls, who do not randomize the source ports the use to keep track of their NAT table.
Read more…
Categories: Conferences, HAR2009 Bert Hubert, DNSSEC, har2009, openDSNSEC, powerDNSSEC, rick van rein, Roland van Rijswijk, Security
