[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"
Peter Dambier
peter at peter-dambier.de
Fri Apr 13 21:29:42 UTC 2007
Stasiniewicz, Adam wrote:
> Yes, if you are an ISP, registrar, DNS host, large company, etc. But
> not one of them are running external Windows DNS servers. I am
> referring to those small and medium size companies who use Windows for
> their internal and external DNS. As those will be the only people who
> would make a Windows DNS server Internet accessible.
>
Oh, they do exist.
Small companies, hosting some 20 to 50 domains,
resolving for a vlan or even open resolvers.
I know at least two of them.
And they cannot use anything else but Microsoft because of
Active Directory or stuff like that, they say.
Kind regards
Peter and Karin Dambier
>
> ------------------------------------------------------------------------
> *From:* dns-operations-bounces at lists.oarci.net on behalf of Roland Dobbins
> *Sent:* Fri 4/13/2007 3:26 PM
> *To:* dns-operations at lists.oarci.net
> *Subject:* Re: [dns-operations] "Cybercrooks exploiting new Windows DNS
> flaw"
>
>
> On Apr 13, 2007, at 1:23 PM, Stasiniewicz, Adam wrote:
>
> > But the firewall rule is always UDP 53 inbound allow, drop
> > everything else. It goes without saying that there are also
> > stateful packet inspection rules.
>
> This is categorically untrue. Many DNS servers have no firewalls at
> all in front of them (and rightly so, to avoid the DoS vector
> resulting from the additional sate), and as to the posited filtering
> policy, this is far from universal (it breaks truncate mode, for one
> thing).
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
>
> Words that come from a machine have no soul.
>
> -- Duong Van Ngo
>
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.arl.pirates
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
More information about the dns-operations
mailing list