Bug#516394: djbdns

2012-01-08 Thread Russ Allbery
Florian Weimer writes:
> Here's an attempt of a write-up of the maths involved, ready for pasting
> into LaTeX. Hopefully, it's not too embarrassing for me. It's been a
> while I did such stuff, probability theory wasn't my forte, and I have
> no idea what to do to reduce the final quotient.

T

Bug#516394: djbdns

2012-01-08 Thread Florian Weimer
* Russ Allbery:
> The remaining statement on this bug from the security team is:
>
> | djbdns should not be part of squeeze until it is properly hardened
> | against cache poisoning. It is between 100 and 200 times easier than
> | with other DNS servers.
>
> I don't understand the basis of that c

Bug#516394: djbdns

2012-01-06 Thread Russ Allbery
Robert Edmonds writes:
> Russ Allbery wrote:
>> So far as I understand the additional protection provided by duplicate
>> query merging, the attack that protects against practically requires
>> direct access to the caching resolver, so listening only on localhost
>> (or the equivalent) would make

Bug#516394: djbdns (was: negative vote for maintainer Michael Gilbert)

2012-01-06 Thread Robert Edmonds
Russ Allbery wrote:
> So far as I understand the additional protection provided by duplicate
> query merging, the attack that protects against practically requires
> direct access to the caching resolver, so listening only on localhost (or
> the equivalent) would make dnscache equivalently secure t

Bug#516394: djbdns (was: negative vote for maintainer Michael Gilbert)

2012-01-06 Thread Sergiusz Pawlowicz
On Fri, Jan 6, 2012 at 19:46, Russ Allbery wrote:
> Sergiusz Pawlowicz writes:
>
>> As dnscache in Debian package is not configured to be run out of the
>> box, security team effectively prohibits the community from using
>> absolutely free, safe and efficient software, as there is no exploits
>

Bug#516394: djbdns (was: negative vote for maintainer Michael Gilbert)

2012-01-06 Thread Russ Allbery
debian-newmaint really isn't the place for this discussion, so I'll copy the bug and will send further discussion directly there. I'm not subscribed to the bug, so please copy me if you want me to see replies.

Sergiusz Pawlowicz writes:
> As dnscache in Debian package is not configured to be ru

Bug#516394: djbdns: Thoughts on the dnscache cache poisoning issue

2010-01-13 Thread Francis Russell
Package: djbdns
Severity: normal

Hi there, please do forgive me if I've got the wrong end of the stick here or the code I've posted is completely wrong or makes no sense. It would be nice to get djbdns back into testing. As I understand it, this bug works by getting dnscache to send extensive nu