[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"

brett watson brett at the-watsons.org
Fri Apr 13 22:56:40 UTC 2007

On Apr 13, 2007, at 1:44 PM, Stasiniewicz, Adam wrote:

> Yes, if you are an ISP, registrar, DNS host, large company, etc.   
> But not one of them are running external Windows DNS servers.  I am  
> referring to those small and medium size companies who use Windows  
> for their internal and external DNS.  As those will be the only  
> people who would make a Windows DNS server Internet accessible.

That's just not true. In my experience, there are plenty of large,  
multi-million/billion $/year companies that put Windows boxes right  
out in the open (DNS and other services enabled), as well as plenty  
of ISPs, etc.

I just don't think you can make generalizations like that and assume  
only small/mid size companies make these mistakes.

I'm making know predictions on the scope of this specific exploit but  
I think it has the potential to be a lot bigger than you think.


More information about the dns-operations mailing list