Re: [dns-operations] new DNS forwarder vulnerability

2014-03-14 Thread David Dagon
On Fri, Mar 14, 2014 at 09:45:25AM -0400, Mark Allman wrote:
> - We have found 7--9% of the open resolver population---or 2-3 million
> boxes---to be vulnerable to this cache poisoning attack. (The
> variance is from different runs of our experiments.)

I've noted that ~30% of the open

[dns-operations] new DNS forwarder vulnerability

2014-03-14 Thread Mark Allman
Just a quick note to let folks know about a new vulnerability we have found in some low-rent DNS forwarders---which we have been calling the 'preplay attack'. The finding is that when the vulnerable open resolvers receive a DNS response they just look at the query string in the response to see if