Page 2 of 2, results 11 to 14 of 14

#11 f1assistance (Untangle Ninja, Holly Springs, NC; joined Apr 2009; 1,399 posts)

    Quote Originally Posted by Jim.Alles:
    I think cache poisoning can occur anywhere
    https://en.wikipedia.org/wiki/Dan_Kaminsky

    DNSSEC mitigates it
    https://leeneubecker.com/dnssec-what...t-your-domain/

    And can be configured on NGFW for ISPs that support it.
    https://forums.untangle.com/off-topi...w-opendns.html
    Your reply exactly confirms my assertion...it's not the transport, but the origination (your domain) being compromised, or the termination (DNS server) being compromised. If it's the latter, you can do nothing locally to fix the issue but configure a different DNS; if the former, well, encrypting one request doesn't evict a perpetrator...nothing should be trusted until proper eviction (i.e., discovery and removal) and a known secure state again can be built upon. This is another reason why unmanaged devices within one's protected domain are so problematic...you simply don't know what you don't know. TNO! TNO!
    Last edited by f1assistance; 05-20-2020 at 09:45 AM.
    Vanguard Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM
    And building #7 didn't kill itself!

#12 Jim.Alles (Untangle Ninja, Central PA; joined Jul 2008; 2,012 posts)


    I was looking at it as MITM - that's intercepted transport

#13 f1assistance (Untangle Ninja, Holly Springs, NC; joined Apr 2009; 1,399 posts)


    Quote Originally Posted by Jim.Alles:
    I was looking at it as MITM - that's intercepted transport
    I believe those 'attacks' happen upstream/downstream of the ISP (either end), correct?
    I consider ISP's and telecom the packet 'transport' across our earthly interweb.

    Edit: Upstream is origination, downstream is the termination...
    Last edited by f1assistance; 05-20-2020 at 10:21 AM.

#14 f1assistance (Untangle Ninja, Holly Springs, NC; joined Apr 2009; 1,399 posts)


    Quote Originally Posted by Jim.Alles:
    Code:
    -Q, --query-port=<query_port>
    Send outbound DNS queries from, and listen for their replies on, the specific UDP port <query_port> instead of using random ports. NOTE that using this option will make dnsmasq less secure against DNS spoofing attacks but it may be faster and use less resources. Setting this option to zero makes dnsmasq use a single port allocated to it by the OS: this was the default behaviour in versions prior to 2.43.
    From the 2.43 changelog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
    Would you consider these "spoofing attacks" a concern within the destination nameserver's domain, or within the domain making the query, or anywhere between the two domains having this transmission (i.e., across the interweb)?
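The posts above (cache poisoning in #11, and in #14 the dnsmasq --query-port note that a fixed port makes the resolver "less secure against DNS spoofing attacks") can be made concrete with a small model. The script below is an added example, not code from this thread, from Untangle, or from dnsmasq: it models an off-path attacker racing the real answer, Kaminsky-style, against a resolver that either pins its UDP source port or picks a random one per query, and it includes a small audit that flags the relevant lines in a dnsmasq.conf. The 16-bit TXID size is from the DNS header; the 1024..65535 ephemeral port range, the `min-port`/`max-port` option names and the sample config text are assumptions made for the example.

```python
"""Why a fixed outbound query port weakens a resolver against blind spoofing.

Added example (not code from the thread, from Untangle, or from dnsmasq): a
model of an off-path attacker racing the real answer, as in the Kaminsky
attack, against a resolver that either pins its UDP source port (dnsmasq
--query-port) or picks a random one per query. The TXID is 16 bits; the
ephemeral port range below is an assumption. A small audit of a dnsmasq
config for the option is included; the config text is constructed.
"""
import random
import re
from typing import List, Optional

TXID_SPACE = 1 << 16              # 16-bit DNS transaction ID
EPHEMERAL_PORTS = 65536 - 1024    # assumed random-port range 1024..65535


def guess_space(fixed_port: bool) -> int:
    """Number of distinct (txid, port) combinations an off-path attacker must cover."""
    return TXID_SPACE if fixed_port else TXID_SPACE * EPHEMERAL_PORTS


def success_probability(forged_per_race: int, fixed_port: bool) -> float:
    """Chance one race succeeds when the attacker sends distinct guesses.

    A race is the window between the resolver's query and the real reply; the
    attacker must land a forged reply with the right txid (and port) first.
    """
    space = guess_space(fixed_port)
    return min(forged_per_race, space) / space


def simulate(fixed_port: bool, forged_per_race: int, races: int, seed: int = 0) -> int:
    """Monte Carlo: count the races the attacker wins and return that number."""
    rng = random.Random(seed)
    space = guess_space(fixed_port)
    wins = 0
    for _ in range(races):
        # resolver picks a txid and (if not fixed) a port; both encoded as one index
        target = rng.randrange(space)
        # attacker fires forged_per_race distinct guesses before the real answer lands
        guesses = rng.sample(range(space), min(forged_per_race, space))
        if target in set(guesses):
            wins += 1
    return wins


_QUERY_PORT = re.compile(r"^\s*query-port\s*=\s*(\d+)\s*$")
_MIN_PORT = re.compile(r"^\s*min-port\s*=\s*(\d+)\s*$")   # assumed dnsmasq option name
_MAX_PORT = re.compile(r"^\s*max-port\s*=\s*(\d+)\s*$")   # assumed dnsmasq option name


def audit_dnsmasq_conf(text: str) -> List[str]:
    """Flag settings in a dnsmasq.conf that shrink the attacker's guess space.

    query-port pins every query to one port (0 means one port chosen by the OS,
    which is still a single port for the life of the process); a narrow
    min-port/max-port window leaves only a few ports of entropy.
    """
    findings: List[str] = []
    lo: Optional[int] = None
    hi: Optional[int] = None
    for n, line in enumerate(text.splitlines(), 1):
        m = _QUERY_PORT.match(line)
        if m:
            findings.append(f"line {n}: query-port={m.group(1)} pins the source port; "
                            f"the attacker only needs the 16-bit txid")
        m = _MIN_PORT.match(line)
        if m:
            lo = int(m.group(1))
        m = _MAX_PORT.match(line)
        if m:
            hi = int(m.group(1))
    if lo is not None and hi is not None and hi - lo + 1 < 4096:
        findings.append(f"min-port/max-port leave only {hi - lo + 1} ports of entropy")
    return findings


SAMPLE_CONF = """# constructed dnsmasq.conf fragment for the example
domain-needed
query-port=5353
"""

if __name__ == "__main__":
    for fixed in (True, False):
        print(f"fixed_port={fixed}: p(race) with 1000 forged replies ="
              f" {success_probability(1000, fixed):.2e}")
    print("simulated wins, fixed port, 2000 races:", simulate(True, 1000, 2000))
    print("simulated wins, random port, 200 races:", simulate(False, 1000, 200))
    for f in audit_dnsmasq_conf(SAMPLE_CONF):
        print("finding:", f)
```

With the port pinned, 1000 forged replies per race give the attacker roughly a 1.5% chance per race, so a few hundred races (each one a query the attacker can trigger) are enough; with a random port the same effort gives about 2.4e-7 per race. This is the "less secure against DNS spoofing attacks" trade-off the man page excerpt quoted above refers to, and it is an argument about the resolver's own query, not about which network the attacker sits on: an off-path attacker anywhere that can send UDP to the resolver can play this race, while an on-path attacker (the MITM case in #12) sees the real txid and port and does not need to guess at all.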
