Am I the only person that's annoyed that he just blogged this? When Kaminsky discovered the original flaw he kept it quiet and got a ton of nameservers patched before it leaked. Now this guy finds a problem with the patch, so he posts it on his blog immediately with helpful exploit code attached. What the hell?
The attacker in this scenario appears to be able to deliver 40kpps to the target *before* the legitimate server's response lands. The writer says he's on a GigE link --- presumably, he means "on the same GigE as the target resolver".

In the real world, attackers with that vantage point have better ways to hijack the DNS; for instance, they can usually reconfigure the target server.

Your LAN is way, way more owned than the Internet at large is. Pretty much every network attack devised since 1992 still works on an internal network. The reason this doesn't kill you is, you don't let strangers on your internal network.