== DNS/Poisoning 2014/Kaminsky method ==

[[DNS/毒盛/Kaminsky手法]]

CVE-2008-1447: DNS Cache Poisoning Issue ("Kaminsky bug")
https://kb.isc.org/article/AA-00924/0/CVE-2008-1447%3A-DNS-Cache-Poisoning-Issue-Kaminsky-bug.html

{{{
DNSSEC is the only definitive solution for this issue.
Understanding that immediate DNSSEC deployment is not a realistic expectation,
ISC is releasing patched versions of BIND that improve its resilience against this attack.
The method used makes it harder to spoof answers to a resolver
by expanding the range of UDP ports from which queries are sent,
thereby increasing the variability of parameters in outgoing queries.
}}}

Taking this explanation at face value is dangerous. -- ToshinoriMaeno

JPRS's explanation at the time: http://jprs.jp/tech/security/multiple-dns-vuln-cache-poisoning.html

[[../tweet]]

Literature and related material

https://00f.net/2012/06/26/dnscache-poisoning-and-siphash/

BlackHat-DC-09-Kaminsky
https://www.blackhat.com/presentations/bh-dc-09/Kaminsky/BlackHat-DC-09-Kaminsky-DNS-Critical-Infrastructure.pdf

== 2008 ==

Kaminsky (finally) provides DNS flaw details
http://www.cnet.com/news/kaminsky-finally-provides-dns-flaw-details/

http://addxorrol.blogspot.jp/2008_07_01_archive.html