[dns-operations] All Too Quiet?

Calvin Browne calvin at orange-tree.alt.za
Tue Jul 29 07:55:02 UTC 2008

On Mon, 28 Jul 2008 15:44:05 -0400, <Jon.Kibler at aset.com> wrote:

> Greetings All,
> Okay, this is NOT a complaint. It is an observation / question.
> Has anyone observed any real DNS scans other than those of known test
> programs or researchers? I am not aware of any scans of significance.
> So, this is why I ask: Why is it so quiet?
> On one hand, since so many major ISPs have yet to patch, I am SO VERY
> GLAD (!!!) that no one has tried to exploit this vulnerability -- yet.
> On the other hand, does this lack of attacks once again give management
> the excuse to categorize "I.T. Security" as "Chicken Little"?
> Let's look at the current state of affairs from a management perspective:
>   -- You (I.T. Security) said we had a major vulnerability to contend with.
>   -- You said that as soon as it became public, it was certain to be
> exploited, and the consequences would be serious.
>   -- You said that we had to drop everything and patch NOW.
>   -- Well, at great expense and inconvenience, I (management) listened
> to you and we dropped everything, and we are now patched.
>   -- It has been nearly a week since the vulnerability was disclosed,
> and you told me late last week there were multiple exploits now
> available to compromise insecure DNS servers.
>   -- You said that with exploits now available, that "the bad guys" were
> sure to start using them "any day now" to compromise the DNS servers
> that are not yet patched.
>   -- You can't even show me one time where we have had a hostile scan of
> our name servers.
>   -- You say we are "just lucky" that "the bad guys" haven't started
> trying to exploit this. I don't believe in luck. If it was as easy to
> exploit name servers as you have claimed, and the exploits would be as
> devastating as you have claimed, I cannot believe that "the bad guys"
> would not be taking maximum advantage of it.

I can confirm that there have been hostile attempts out there to exploit
this vulnerability.

>   -- Your credibility is now just about zero. Why should I listen to you
> the next time that you come to me with a "pending crisis for which we
> must patch now"?

If, for example, the various parties' credibility is zero - why does
management still use their software?


> I am already hearing this type of grousing from management of various
> clients. How do we explain to managers that we have indeed been lucky
> and this was indeed as serious as indicated two plus weeks ago?
> And, to repeat my original question: Why is it so quiet?
> TIA!
> Jon Kibler
> P.S. I am looking for constructive comments. No need to respond with
> "All managers are idiots."
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
