how to protect name servers against cache corruption

"Thomas H. Ptacek" writes:

> The same could be said of IP. If you forge packets and ICMP or UDP attack
> MAE's) you can do it with impunity and effectively knock entire ISP's off
> the internet.

I'm unaware of any attacks occurring now that do not leverage superior
bandwidth (ie, ping flooding from a DS3 a DS1 circuit) that are not
addressed in some manner at an operating system or user level.

You aren't aware of lots of things. As it stands, I suspect that a
large fraction of the network infrastructure could be brought down by
a sufficiently determined jerk with a single DS0 bandwidth circuit,
although things are not nearly as bad as they were a year ago. And no,
I'm not going to tell you how. And yes, I and the other real security
geeks *do* care and are trying to do our best to fix the situation.

Unfortunately, a bizarre faction of people have decided that the best way
to address problems that are made difficult to repair by the design of
legacy software is to deny that they A.) exist or B.) are fixeable.

You don't know what you are talking about. Let me rephrase that. You
REALLY don't know what you are talking about.

Might I sugest that you quit playing network and security engineer and
leave those of us who are trying to get work done alone?