Package: djbdns
Followup-For: Bug #516394

Not sure if any of the previous reporters actually read http://cr.yp.to/djbdns/forgery.html , but it occurs to me as if this problem is a problem in the current DNS protocol that cannot be prevented *at all*. However, it can be made significantly harder to exploit, though the definition of hard means here "to send thousands/millions/billions of packets to exploit the problem."

Thus I am not sure if this is a bug in djbdns (not more than it is a bug in telnet that sniffing packets gets you the session in cleartext) - maybe dnssec/dnscurve http://dnscurve.org/ would help.

-- System Information:
Debian Release: squeeze/sid
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-rc8-git-sonne (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages djbdns depends on:
ii  libc6            2.9-6     GNU C Library: Shared libraries

Versions of packages djbdns recommends:
ii  daemontools      1:0.76-3  a collection of tools for managing
ii  daemontools-run  1:0.76-3  daemontools service supervision
ii  make             3.81-5    The GNU version of the "make" util
ii  ucspi-tcp        1:0.88-2  command-line tools for building TC

Versions of packages djbdns suggests:
pn  dnscache-run     <none>    (no description available)

-- no debconf information