[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"

Stasiniewicz, Adam stasinia at msoe.edu
Fri Apr 13 23:43:38 UTC 2007

Look, I am getting really sick of this point-by-point argument.  The
underlying statement I have been trying to make here is this exploit will
not reach the epidemic size that things like Slammer and Code Red did.  Sure
there are servers that will get exploited and there will be viruses written,
but because of the added difficulty in this exploit (communicating over RPC)
and the lack of servers running Windows DNS (compared to Windows 2000
servers that installed IIS by default or the thousands of different apps
that installed MSDE) it will not be that widespread.  Of course it will
affect some people, I just don't see it making all that noticeable of an
impact on the world as other exploits have in the past.  

This is my opinion, if you disagree that is your right.

Either way this debate is getting too heated and I don't see a compromise in
sight.  Feel free to poke holes in my theory, but in an effort to keep this
from dragging on, I will refrain from responding to future posts on this

Adam Stasiniewicz

-----Original Message-----
From: dns-operations-bounces at lists.oarci.net
[mailto:dns-operations-bounces at lists.oarci.net] On Behalf Of brett watson
Sent: Friday, April 13, 2007 5:57 PM
To: dns-operations at lists.oarci.net
Subject: Re: [dns-operations] "Cybercrooks exploiting new Windows DNS flaw"

On Apr 13, 2007, at 1:44 PM, Stasiniewicz, Adam wrote:

> Yes, if you are an ISP, registrar, DNS host, large company, etc.   
> But not one of them are running external Windows DNS servers.  I am  
> referring to those small and medium size companies who use Windows  
> for their internal and external DNS.  As those will be the only  
> people who would make a Windows DNS server Internet accessible.

That's just not true. In my experience, there are plenty of large,  
multi-million/billion $/year companies that put Windows boxes right  
out in the open (DNS and other services enabled), as well as plenty  
of ISPs, etc.

I just don't think you can make generalizations like that and assume  
only small/mid size companies make these mistakes.

I'm making no predictions on the scope of this specific exploit but
I think it has the potential to be a lot bigger than you think.

