Re: how many angels can dance on the head of a pin?

Duane at e164 dot org <duane@e164.org> Sun, 10 August 2008 09:12 UTC

Message-ID: <489EAFCD.2090204@e164.org>
Date: Sun, 10 Aug 2008 19:07:25 +1000
From: Duane at e164 dot org <duane@e164.org>
User-Agent: Thunderbird 2.0.0.16 (X11/20080724)
MIME-Version: 1.0
To: Alex Bligh <alex@alex.org.uk>
CC: bmanning@vacation.karoshi.com, Namedroppers <namedroppers@ops.ietf.org>
Subject: Re: how many angels can dance on the head of a pin?
References: <200808080237.m782bBqk005628@drugs.dv.isc.org> <489BBA1C.1040107@e164.org> <489E4D44.1080306@links.org> <20080810042136.GA18568@vacation.karoshi.com.> <489E89B6.6090208@e164.org> <01B9CF1DF0A4A4443A6E73A4@nimrod.local>
In-Reply-To: <01B9CF1DF0A4A4443A6E73A4@nimrod.local>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Alex Bligh wrote:

>  1. Lookups would more often take place from behind a NAT. This can reduce
>     entropy and make any given attack easier. Thus remember unlike many
>     attack profiles, sticking a shared cache behind a NAT only serves
>     to make things worse.

I fail to see how this would apply; the reason for randomising the ports
was for publicly accessible caches, such as ISPs run, which can be
queried by the attacker and also for the attacker to send fake replies
at the same time.

If the attacker can't send requests and replies, they would need to be in
the path to alter things.

-- 

Best regards,
 Duane

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
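To make the entropy point in the quoted item concrete, here is an added example (not from this thread or any resolver's code) that estimates off-path spoofing difficulty with the RFC 5452-style model: a forged reply must match the 16-bit transaction ID and the query's source port, so a NAT that rewrites outbound UDP ports into a small pool shrinks the port term. The NAT pool sizes and the 64512-port ephemeral range are constructed assumptions.

```python
import math
from typing import Optional

TXID_SPACE = 2 ** 16             # 16-bit DNS transaction ID
FULL_PORT_RANGE = 65536 - 1024   # ephemeral ports a resolver may pick from (assumption)


def effective_ports(resolver_ports: int, nat_pool: Optional[int]) -> int:
    """Distinct source ports an off-path attacker has to guess.
    A NAT that rewrites outbound source ports into its own pool caps the
    visible port space at the pool size; nat_pool=None models no NAT or a
    port-preserving NAT."""
    if nat_pool is None:
        return resolver_ports
    return min(resolver_ports, nat_pool)


def identity_bits(port_count: int, txid_space: int = TXID_SPACE) -> float:
    """Bits of entropy a forged reply must match (txid + source port)."""
    return math.log2(port_count * txid_space)


def spoof_success_probability(port_count: int, forged_responses: int,
                              txid_space: int = TXID_SPACE) -> float:
    """RFC 5452-style estimate: chance that one of `forged_responses` distinct
    forged replies matches a single outstanding query, assuming the attacker
    already knows the query name and the authoritative server address."""
    space = port_count * txid_space
    return min(1.0, forged_responses / space)


def expected_queries_to_poison(port_count: int, forged_responses: int,
                               txid_space: int = TXID_SPACE) -> float:
    """Expected number of attacker-triggered queries before one is poisoned."""
    return 1.0 / spoof_success_probability(port_count, forged_responses, txid_space)


def compare_scenarios(forged_responses: int = 100) -> dict:
    """Constructed scenarios: fixed port, full randomisation, and a randomising
    resolver behind NATs with small port pools (pool sizes are assumptions)."""
    scenarios = {
        "fixed source port":           effective_ports(1, None),
        "randomised, no NAT":          effective_ports(FULL_PORT_RANGE, None),
        "randomised, NAT pool of 256": effective_ports(FULL_PORT_RANGE, 256),
        "randomised, NAT pool of 16":  effective_ports(FULL_PORT_RANGE, 16),
    }
    return {name: {"ports": p, "bits": round(identity_bits(p), 1),
                   "expected_queries": expected_queries_to_poison(p, forged_responses)}
            for name, p in scenarios.items()}


if __name__ == "__main__":
    for name, r in compare_scenarios().items():
        print(f"{name:28s} ports={r['ports']:6d} entropy={r['bits']:5.1f} bits "
              f"expected queries={r['expected_queries']:,.0f}")
```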