On Oct 14, 2018, at 21:09, jsha--- via dev-security-policy <[email protected]> wrote: > > There’s a paper from 2013 outlining a fragmentation attack on DNS that allows > an off-path attacker to poison certain DNS results using IP fragmentation[1]. > I’ve been thinking about mitigation techniques and I’m interested in hearing > what this group thinks. >
The mitigation is dnssec. Ensure your data is cryptographically protected. Paul _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
