On Oct 2, 2012, at 7:59 AM, Rubens Kuhl <[email protected]> wrote: >> >> Much better and very detailed analysis (by the same author!) So, it >> was not DNS poisoning at all but a change in the DNS settings of the >> router, after the box was cracked. (DNSchanger-style) >> >> http://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems >> ______________________________________________ > > > DNSSEC alone wouldn't have provided much relief on this, but DNSSEC+DANE+HSTS > could. Most of it due to HSTS, but we need to cover the rogue CA > attack-vector.
DNSSEC on the *host / stub* would have though. W > > > Rubens > > > > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs > _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
