
Re: comments on nordmark-multi-threats



Hi,

Thanks for the response.  Just one comment below.

On Thu, 13 Nov 2003, Erik Nordmark wrote:
> > A couple of observations and minor nits below, nothing major.
> > 
> >    Similarly, if DNS can be compromised, and a change can be made to an
> >    advertised resource record to advertise a different IP address for a
> >    hostname, effectively taking over that hostname.
> > 
> > ==> does this imply DNS threats, in addition to just hacking the zone?
> 
> I don't know what "hacking the zone" means.
> A DNS lookup, without DNSsec, can be spoofed if the
> attacker can spoof the source address, match a (16 bit, probably predictable)
> number in the query, and guess the domain name that was in the query.

"If DNS is compromised" did not make it unambiguous whether you referred to all 
the threats to the DNS system, or just to somehow modifying what's 
advertised in the DNS to begin with (e.g., by compromising the DDNS 
updates).  The question seems obvious, but it may be useful to list a few 
examples of DNS threats to spell this out.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
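As an added example (not part of this thread or of the draft under discussion), the matching a stub resolver applies before it accepts a reply, which is exactly what a blind forger has to get right without DNSSEC: the 16-bit transaction ID, the question that was asked, and the socket the query left from. Hostnames, addresses and ports are constructed.

```python
import secrets
import struct

# Constructed example (not from the thread): the checks a resolver applies
# before accepting a reply. A spoofed reply has to get all of them right.

def encode_name(name):
    """Encode a dotted hostname in DNS wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, qname, qtype=1, qclass=1):
    """12-byte header (RD set) followed by a single question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, qclass)

def build_reply(txid, qname, addr, qtype=1, qclass=1):
    """Reply echoing the question plus one A record pointing at addr."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, qclass)
    rr = encode_name(qname) + struct.pack("!HHIH", qtype, qclass, 300, 4)
    return header + question + rr + bytes(int(o) for o in addr.split("."))

def reply_matches(query, reply, query_src, reply_dst):
    """Accept a reply only if it arrived at the (addr, port) the query left
    from, carries the same 16-bit ID with the QR bit set, and echoes the
    question byte for byte (name, type and class)."""
    if query_src != reply_dst:
        return False
    q_id, _, q_qd = struct.unpack("!HHH", query[:6])
    r_id, r_flags, r_qd = struct.unpack("!HHH", reply[:6])
    if q_id != r_id or not r_flags & 0x8000 or q_qd != r_qd:
        return False
    question = query[12:]                 # a query is header + question only
    return reply[12:12 + len(question)] == question

if __name__ == "__main__":
    src = ("192.0.2.10", 1024 + secrets.randbelow(64512))  # random port
    txid = secrets.randbelow(65536)                         # random 16-bit ID
    q = build_query(txid, "www.example.com")
    good = build_reply(txid, "www.example.com", "192.0.2.1")
    bad = build_reply((txid + 1) & 0xFFFF, "www.example.com", "203.0.113.7")
    print(reply_matches(q, good, src, src), reply_matches(q, bad, src, src))
```

With a predictable ID and a fixed source port the only unknown left for a forger is the query name, which is the point Erik makes above; randomising both the ID and the port is what made blind forgery costly before DNSSEC.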