Re: [fw-wiz] SCADA
- From: Dotzero <dotzero@xxxxxxxxx>
- Date: Mon, 27 Apr 2009 14:05:33 -0400
On Mon, Apr 27, 2009 at 1:09 PM, Jim Seymour <jseymour@xxxxxxxxxxx> wrote:
Dotzero <dotzero@xxxxxxxxx> wrote:
So-called "Janus DNS" solves this. First described in print in
Cheswick & Bellovin's "Firewalls and Internet Security: Repelling
the Wily Hacker," I believe.
It's not just executable code. I do a DNS lookup to find out where to
connect to. The proxy passes the answer. It does not guarantee the
answer is correct. And for those who would point to DNSSEC, how many
domains currently sign? When will the root sign? When will .com sign?
firewall-wizards mailing list