[dns-operations] More info on the Windows DNS RPC interface vulnerability

Duane Wessels wessels at packet-pushers.com
Fri Apr 13 23:53:37 UTC 2007

Previous message (by thread): [dns-operations] More info on the Windows DNS RPC interface vulnerability
Next message (by thread): [dns-operations] [exploits] RPC vuln in DNS Server (fwd)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

So, for the record (and to assert my understanding) it looks like
this attack does not use DNS messages or port 53 at all.

It happens that the DNS server on windows listens for some
RPC/management stuff on a >1024 TCP port, and this is where the
attack comes in.

Duane W.

Previous message (by thread): [dns-operations] More info on the Windows DNS RPC interface vulnerability
Next message (by thread): [dns-operations] [exploits] RPC vuln in DNS Server (fwd)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dns-operations mailing list