Re: [ISN] Shocker DNS spoofing vuln discovered three years ago by a student

From: InfoSec News <alerts_at_private>
Date: Fri, 11 Jul 2008 04:35:20 -0500 (CDT)
Forwarded from: jf <jf (at)>

and 3 years before that djb pointed it out as well, its not coincidence 
that djbdns was not vulnerable.

On Thu, 10 Jul 2008, InfoSec News wrote:

> Date: Thu, 10 Jul 2008 03:25:36 -0500 (CDT)
> From: InfoSec News <alerts (at)>
> To: isn (at)
> Subject: [ISN] Shocker DNS spoofing vuln discovered three years ago by a
>     student
> By John Leyden
> The Register
> 9th July 2008
> A flaw in how the internet's addressing system works that sparked a 
> patching frenzy on Tuesday night may has first been uncovered by a 
> student as long as three years ago.
> Shortcomings in how the Domain Name System protocol is implemented by 
> multiple vendors facilitate DNS cache poisoning attacks, security 
> clearing house US CERT warned on Tuesday. Successful exploitation of 
> these security shortcomings creates a means for hackers to spoof DNS 
> replies, allowing for the redirection of network traffic or to mount 
> man-in-the-middle attacks.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting.
Received on Fri Jul 11 2008 - 02:35:20 PDT

This archive was generated by hypermail 2.2.0 : Fri Jul 11 2008 - 02:47:36 PDT