[dns-operations] Use of Views/ACLs to defeat DNS rebinding/pinning attacks?
Roland Dobbins
rdobbins at cisco.com
Tue Aug 7 21:32:00 UTC 2007
On Aug 7, 2007, at 2:28 PM, David Ulevitch wrote:
> The "internal host access" is an important point, but it's not
> required
> for the attack, nor is it what folks should be focused on, it's just a
> symptom of the problem.
Correct - it's simply an application of the technique. As it's one
of great concern for enterprises, it seems to me that since there
might be a low-drag way of combatting this particular application
using existing BIND ACLs/Views (or maybe by slightly enhancing these
existing tools), such an effort might be worthwhile.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
More information about the dns-operations
mailing list