[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"

Stasiniewicz, Adam stasinia at msoe.edu
Fri Apr 13 20:44:18 UTC 2007


Yes, if you are an ISP, registrar, DNS host, large company, etc.  But not one of them is running external Windows DNS servers.  I am referring to those small and medium size companies who use Windows for their internal and external DNS, as those will be the only people who would make a Windows DNS server Internet accessible.
 
 
________________________________

From: dns-operations-bounces at lists.oarci.net on behalf of Roland Dobbins
Sent: Fri 4/13/2007 3:26 PM
To: dns-operations at lists.oarci.net
Subject: Re: [dns-operations] "Cybercrooks exploiting new Windows DNS flaw"




On Apr 13, 2007, at 1:23 PM, Stasiniewicz, Adam wrote:

> But the firewall rule is always UDP 53 inbound allow, drop 
> everything else.  It goes without saying that there are also 
> stateful packet inspection rules.

This is categorically untrue.  Many DNS servers have no firewalls at 
all in front of them (and rightly so, to avoid the DoS vector 
resulting from the additional state), and as to the posited filtering 
policy, this is far from universal (it breaks truncate mode, for one 
thing).

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

         Words that come from a machine have no soul.

                       -- Duong Van Ngo

_______________________________________________
dns-operations mailing list
dns-operations at lists.oarci.net
http://lists.oarci.net/mailman/listinfo/dns-operations
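
The truncation point raised in the quoted reply, as an added example that is not part of the original thread: a reply with the TC bit set tells the client to retry over TCP, so a filter that allows only UDP 53 makes large answers fail. The `Firewall` class, `resolve` function and sample headers are constructed for illustration.

```python
import struct

TC_FLAG = 0x0200  # truncation (TC) bit in the DNS header flags word, RFC 1035

def build_header(msg_id, truncated, ancount):
    """Build a 12-byte DNS response header (constructed sample data)."""
    flags = 0x8000 | (TC_FLAG if truncated else 0)  # QR=1 marks a response
    return struct.pack("!6H", msg_id, flags, 1, ancount, 0, 0)

def is_truncated(message):
    """Return True if the TC bit is set in a DNS message header."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    _msg_id, flags = struct.unpack("!HH", message[:4])
    return bool(flags & TC_FLAG)

class Firewall:
    """Hypothetical inbound filter: 'allowed' is a set of (proto, port) pairs."""
    def __init__(self, allowed):
        self.allowed = set(allowed)

    def permits(self, proto, port=53):
        return (proto, port) in self.allowed

def resolve(firewall, udp_reply):
    """Model a client lookup: ask over UDP, retry over TCP when TC is set."""
    if not firewall.permits("udp"):
        return ("fail", "udp/53 blocked")
    if not is_truncated(udp_reply):
        return ("ok", "udp")
    if not firewall.permits("tcp"):
        return ("fail", "truncated reply, tcp/53 retry dropped")
    return ("ok", "tcp")

# Constructed replies: one that fits in a UDP datagram, one that does not.
SMALL_REPLY = build_header(0x1234, truncated=False, ancount=2)
LARGE_REPLY = build_header(0x1235, truncated=True, ancount=0)

UDP_ONLY = Firewall({("udp", 53)})               # the policy quoted above
UDP_AND_TCP = Firewall({("udp", 53), ("tcp", 53)})

if __name__ == "__main__":
    for name, fw in (("udp-only", UDP_ONLY), ("udp+tcp", UDP_AND_TCP)):
        for label, reply in (("small", SMALL_REPLY), ("large", LARGE_REPLY)):
            print(name, label, resolve(fw, reply))
```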

