Well it did specifically call out DNS hijacking as the permissible "remedy",
and not actual network hijacking.
Fortunately, secure DNS servers plus DNSSEC were designed to prevent bad actors from altering DNS results in-stream. This is good because now the ultimate bad actor wants to do it.
The more the Empire tightens its grip, the more star systems slip through its fingers.
Fortunately, secure DNS servers plus DNSSEC were designed to prevent bad actors from altering DNS results in-stream. This is good because now the ultimate bad actor wants to do it.
The more the Empire tightens its grip, the more star systems slip through its fingers.
Right, there are ways around it, but if they stop the unwashed masses, then they consider it a success.
I take it back there is one way:
Mandate a compromised IP stack + backdoored CPU ( vpro, for example ) on every machine that connects to the network.
I remember in the old days of dial-up how some companies had their own custom IP stack + software to be able to connect to their service. Sure, it was not nefarious at the time as it was still the early days, but i was thinking "this could be really bad if used the wrong way"
Sure, if it was AOL or Prodigy, they had a custom IP stack, but it was only
there so you could run "regular" TCP/IP software while using them as a network
provider. Most of the others just shipped a skinned version of Trumpet Winsock.