[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"

Peter Dambier peter at peter-dambier.de
Fri Apr 13 21:29:42 UTC 2007

Stasiniewicz, Adam wrote:
> Yes, if you are an ISP, registrar, DNS host, large company, etc.  But 
> not one of them are running external Windows DNS servers.  I am 
> referring to those small and medium size companies who use Windows for 
> their internal and external DNS.  As those will be the only people who 
> would make a Windows DNS server Internet accessible. 

Oh, they do exist.

Small companies, hosting some 20 to 50 domains,
resolving for a vlan or even open resolvers.

I know at least two of them.

And they cannot use anything else but Microsoft because of
Active Directory or stuff like that, they say.

Kind regards
Peter and Karin Dambier

> ------------------------------------------------------------------------
> *From:* dns-operations-bounces at lists.oarci.net on behalf of Roland Dobbins
> *Sent:* Fri 4/13/2007 3:26 PM
> *To:* dns-operations at lists.oarci.net
> *Subject:* Re: [dns-operations] "Cybercrooks exploiting new Windows DNS 
> flaw"
> On Apr 13, 2007, at 1:23 PM, Stasiniewicz, Adam wrote:
>  > But the firewall rule is always UDP 53 inbound allow, drop 
>  > everything else.  It goes without saying that there are also 
>  > stateful packet inspection rules.
> This is categorically untrue.  Many DNS servers have no firewalls at 
> all in front of them (and rightly so, to avoid the DoS vector 
> resulting from the additional sate), and as to the posited filtering 
> policy, this is far from universal (it breaks truncate mode, for one 
> thing).
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
>          Words that come from a machine have no soul.
>                        -- Duong Van Ngo

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.arl.pirates

More information about the dns-operations mailing list