[jdev] s2s lookup cascades

Jefferson Ogata Jefferson.Ogata at noaa.gov
Thu Jul 6 17:30:23 CDT 2006


On 07/06/2006 06:21 PM, Tomasz Sterna wrote:
> On 7/4/06, Norman Rasmussen <norman at rasmussen.co.za> wrote:
>> Most jabber servers seem to give up and _not_ do the dns cascade, but
>> Wildfire seems to do the cascade DNS, generating lots of 'Failed to
>> lookup .de', or 'Failed to lookup .org' records in the log files.
> 
> So you say if I'm hosting your parent domain I could take-over and
> spoof your non-functioning (DDoS'ed) XMPP server? Sending SPIM,
> harvesting password. Possibilities are endless.  Great, just great.

Given jabber clients' generally poor support of SSL/TLS certificate
verification (kudos to Psi for doing it right), resistance to DNS-based
attacks seems like a definite non-priority for the jabber community.

-- 
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
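
Added example, not part of the original message and not any server's actual code: a small model of the lookup cascade discussed in this thread, showing which names a cascading s2s lookup would query and how it can end at a server published by a parent domain, next to a strict lookup that fails closed. The cascade order (inferred from the log lines quoted above), the function names and the in-memory SRV table are assumptions constructed for illustration.

```python
# Constructed DNS data: the parent zone publishes an XMPP s2s SRV record,
# while the subdomain's own record is missing (server down or never published).
SAMPLE_SRV = {
    "_xmpp-server._tcp.example.org": ("xmpp.example.org", 5269),
}


def normalize(domain):
    """Lower-case the domain and drop a trailing root dot."""
    return domain.lower().rstrip(".")


def cascade_candidates(domain):
    """Names an (assumed) cascading lookup would try: the domain, then each parent."""
    labels = normalize(domain).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def resolve_s2s(domain, srv_table, cascade):
    """Return (name_that_answered, host, port), or None if nothing was found.

    cascade=False: only the exact domain is queried, so a missing record fails closed.
    cascade=True:  each parent is queried as well, down to the TLD.
    """
    names = cascade_candidates(domain) if cascade else [normalize(domain)]
    for name in names:
        target = srv_table.get("_xmpp-server._tcp." + name)
        if target is not None:
            return (name, target[0], target[1])
    return None


def answered_by_other_domain(domain, result):
    """True when the server found was published for a different domain."""
    return result is not None and result[0] != normalize(domain)


if __name__ == "__main__":
    wanted = "chat.example.org"
    for mode in (False, True):
        found = resolve_s2s(wanted, SAMPLE_SRV, cascade=mode)
        label = "cascade" if mode else "strict"
        print(label, found, answered_by_other_domain(wanted, found))
```

A server that does cascade would need to reject any result for which answered_by_other_domain() is true, or require the peer's certificate to name the originally requested domain.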

