On Tue, 2004-08-24 at 15:23 +0200, Harald Hoyer wrote:
> Colin Walters wrote:
> > Sure. You can also answer DNS requests faster than the company DNS
> > server. There's nothing new here, these protocols are insecure. Barring
> > widespread use of DNSSEC, security has to come at a higher level via
> > IPSec, TLS, etc.
>
> DNS or DHCP?

Both. They both have the exact same potential problems.

Actually, *any* protocol has this problem, unless it has some sort of
authentication method. I can easily put up a web server on the local
net that answers for the same IP as the corporate web server. If the
connection isn't encrypted or the clients ignore certificate warnings, I
can attack your network with very little effort once I'm inside.

>
>
--
Sean Middleditch <elanthis@xxxxxxxxxxxxxxx>
AwesomePlay Productions, Inc.