[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"
Stasiniewicz, Adam
stasinia at msoe.edu
Fri Apr 13 20:44:18 UTC 2007
Yes, if you are an ISP, registrar, DNS host, large company, etc. But not one of them is running external Windows DNS servers. I am referring to those small and medium-sized companies who use Windows for their internal and external DNS. As those will be the only people who would make a Windows DNS server Internet accessible.
________________________________
From: dns-operations-bounces at lists.oarci.net on behalf of Roland Dobbins
Sent: Fri 4/13/2007 3:26 PM
To: dns-operations at lists.oarci.net
Subject: Re: [dns-operations] "Cybercrooks exploiting new Windows DNS flaw"
On Apr 13, 2007, at 1:23 PM, Stasiniewicz, Adam wrote:
> But the firewall rule is always UDP 53 inbound allow, drop
> everything else. It goes without saying that there are also
> stateful packet inspection rules.
This is categorically untrue. Many DNS servers have no firewalls at
all in front of them (and rightly so, to avoid the DoS vector
resulting from the additional state), and as to the posited filtering
policy, this is far from universal (it breaks truncate mode, for one
thing).
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Words that come from a machine have no soul.
-- Duong Van Ngo
_______________________________________________
dns-operations mailing list
dns-operations at lists.oarci.net
http://lists.oarci.net/mailman/listinfo/dns-operations