[AusNOG] FW: The worst thing about the exploit -- Have you done your part?

jay binks jaybinks at gmail.com
Mon Jul 28 10:46:45 EST 2008


its probably quite easy to guess who, but is it worth a name & shame.
A bit of bad publicity may get them patched :)

maybe a front page wingepool "story" on 1 month later, and these networks
still have vulnerable DNS servers :)

maybe thats just nasty. ( or asking for them to be exploited )
but it may get some action.

Jay



On Mon, Jul 28, 2008 at 10:20 AM, Noel Butler <noel.butler at ausics.net>wrote:

>  On Sun, 2008-07-27 at 00:14, Skeeve Stevens wrote:
>
> *A good post re the current situation... what is the state of Australia's
> biggest DNS servers?*
>
>
> pathetically poor, the two largest networks fail the tests on the select
> NS's of theirs that I tested, and are two weeks later, still vulnerable
> *sigh*
>
> Their hostmasters must be 18yo kids doing 2 hours a week work when uni
> permits :)
>
>
>
>  *...Skeeve
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
> Of Alan Clegg
> Sent: Saturday, 26 July 2008 11:28 PM
> To: DNS BIND
> Subject: The worst thing about the exploit -- Have you done your part?
>
> BIND-USERS,
> One issue about this exploit that I think a lot of people may be
> overlooking is the fact that it does not directly impact the OWNER of
> the DNS records in question, but the CONSUMERS of that data.
>
> As the owner of "my-cheap-rail-tickets-online.com", you can patch
> everything you own, insure that your firewalls are perfect, and hire
> five extra DNS admins, but it's not going to help you keep your clients
> healthy and happy.
>
> Your clients are the mom-n-pop users -- the folks at the end of the
> ISP's feeding chain.  The people that don't the difference between the
> US state code for Tennessee and the country code for Tunisia.  The folks
> using "Billy Bob's Bait-and-Tackle (and Internet Stuff)" as a provider.
>
> Your business depends on Billy Bob getting his recursive servers fixed
> so that your customers can still get to your website (or the websites of
> your co-located customers, etc.)
>
> Does that scare anyone?  It scares me.. a lot.
>
> How do we get out and inform Billy Bob that something that has been
> working just fine for years is suddenly not quite so perfect and that
> his customers might be affected.
>
> Additionally, Billy Bob's customers are going to be affected in ways
> that don't directly affect his operations, so it's hard to get him to
> understand why he needs to do anything.  His customers will still be
> sending him the check every month even if their login information for
> "my-cheap-rail-tickets" was siphoned off to someone in a foreign land.
>
> By being on this list, you have proven that you actually are interested
> in the DNS infrastructure.  If you look around, you won't see Billy Bob
> here, and yet, he affects YOUR customers, and by that, your profit
> margin (or reputation).
>
> What can we as the bind-users community do about Billy Bob?
>
> Have you contacted your local ISPs (or tested their servers since they
> well may be open recursors?)  Have you pounded the pavement and talked
> to folks at your local users groups and tech gatherings about the problem?
>
> I'm willing for anyone to use my slides (**http://alan.clegg.com/800113* <http://alan.clegg.com/800113>)
> as the basis for spreading the word.  Make presentations.  Tell your
> friends.  Tell your colleagues.  TELL YOUR COMPETITION.
>
> I'm planning to have a video of me giving the presentation on-line soon
> so that the nuances of the presentation are more clear, but if you have
> any questions regarding it before then, please send me mail (off-list).
>
> The storm is coming.. have you done your part?
>
> AlanC
>
>
>
> _______________________________________________
> AusNOG mailing listAusNOG at ausnog.net*http://lists.ausnog.net/mailman/listinfo/ausnog* <http://lists.ausnog.net/mailman/listinfo/ausnog>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>


-- 
Sincerely

Jay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20080728/fa7d043d/attachment.html>


More information about the AusNOG mailing list