[EAS] IPAWS IP
Alex Hartman
goober at goobe.net
Fri Jun 29 09:57:16 CDT 2012
As i've said in the past, using DNS is okay for the very reason here.
You can do fake load balancing (round robin) quite easily. Down side
of this is obviously if one of the servers is offline, it times out
for that particular request, or every 10th request the FQDN gets.
Though, i would have liked to see FEMA put in a few of their own DNS
servers and use a "fake" FQDN like .eas or something. This would add a
fair chunk of security since IPv6 wasn't mandated in these devices to
have native IPSEC. Using fema.gov is hard enough to spoof, but not
overly hard to poison slave DNS servers. But, poisoning some DNS
servers is all you need to cause a very large problem.
--
Alex Hartman
More information about the EAS
mailing list