rmeyer@mhsc.COM (Roeland M.J. Meyer) writes:
>That's not what Paul said.
>> Randy Bush writes:
>> this is false and specious garbageBoth statements are true. You can hijack domain names and insert
bogus data in caches without hacking any root servers. It is much
easier to just e-mail a domain modify template to NSI, and insert
some bogus IP addresses for certain names. Similar to what happened
to AOL last year (actually it appears to be a glue issue on some NS
records).I think some people are getting too wrapped up in some really exotic
attacks on DNS, when the simple ones still work.
Who was it that said, "never attribute to malice..."
While the clever pranks/attacks are interesting and
potentially very disruptive, simple mistakes and
social manipulation can/do cause lots of highly
visable impact. Somewhat akin to tossing a lighted
match into a powder keg. I hope these "fireworks"
prove to be a dud and that our respective holidays
are safe, quiet, and productive.
--bill