In a message written on Tue, Aug 04, 2009 at 11:32:46AM -0700, Kevin Oberman wrote: > There is NO fix. There never will be as the problem is architectural > to the most fundamental operation of DNS. Other than replacing DNS (not > feasible), the only way to prevent this form of attack is DNSSEC. The > "fix" only makes it much harder to exploit.
I don't understand why replacing DNS is "not feasible".
--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
pgp0LbhMs8nUf.pgp
Description: PGP signature
