Wietse Venema wrote: > > The claim made in the SUBJECT line is incorrect. > > First of all, whether or not the attack fails depends on the BIND > version being used; for example, the once widely-used BIND 4.8 > forces the TTL to be at least five minutes, stopping the attack. There were numerious fixes in BIND 4.9 which fixed various issues like this. For those that are curious, see doc/bind/vixie-security.ps in the BIND (documentation) distribution. It explicitly mentions fixes which close the holes in BIND with respect to gethostby{name,addr}() checks. --Dave
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:28 PDT