Re: Fingerprinting DNS implementations.
>>>>> "Dean" == Dean Anderson <dean@av8.com> writes:

Dean> I'm wondering why you are doing this. This sort of tool
Dean> could be abused by crackers.

So could many other tools. Like compilers. Do you want to ban them too?

Dean> I am particularly where it sounds like you are looking for
Dean> fingerprints for vendors that have obscured their responses
Dean> in order to prevent fingerprinting.

Well perhaps those vendors would then spend time fixing security bugs
in their code instead of investing in futile efforts to conceal them?

Dean> DNS is a critical piece of infrastructure, and fingerprints
Dean> allow the cracker to use the right attack the first time,
Dean> without revealing their attack.

This presumes the crackers and script kiddies have that sort of
finesse. If they've got a bunch of attacks to penetrate name servers,
they'll more than likely try them all and go with the ones that
succeed against their victims. And anyway, if an attack succeeds, it's
too late. The damage has already been done. How the choice of attack
was made -- if there was a selection! -- is irrelevant.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>