[dns-operations] More info on the Windows DNS RPC interface vulnerability

Duane Wessels wessels at packet-pushers.com
Fri Apr 13 23:53:37 UTC 2007

So, for the record (and to assert my understanding) it looks like
this attack does not use DNS messages or port 53 at all.

It happens that the DNS server on windows listens for some
RPC/management stuff on a >1024 TCP port, and this is where the
attack comes in.

Duane W.

More information about the dns-operations mailing list