Re: Multiple DNS implementations vulnerable to cache poisoning

• From: Chris Adams
• Date: Wed Jul 09 00:15:11 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

Once upon a time, Jean-François Mezei <[email protected]> said:
> The tool uses my internet facing IP as my DNS server and tells me I am
> vulnerable. Since, from the internet, connecting to that IP at port 53
> will not get you to a DNS server, I find the tool's conclusion rather
> without much value.

There are many ways to get your server to look something up other than
allowing direct queries.
-- 
Chris Adams <[email protected]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

• References:
  • Multiple DNS implementations vulnerable to cache poisoning Buhrmaster, Gary
  • Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth
  • Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth
  • Re: Multiple DNS implementations vulnerable to cache poisoning Lynda
  • Re: Multiple DNS implementations vulnerable to cache poisoning Owen DeLong
  • Re: Multiple DNS implementations vulnerable to cache poisoning Christian Koch
  • Re: Multiple DNS implementations vulnerable to cache poisoning Jimmy Hess
  • Re: Multiple DNS implementations vulnerable to cache poisoning Jean-François Mezei

• Prev by Date: Re: Multiple DNS implementations vulnerable to cache poisoning
• Next by Date: Re: Multiple DNS implementations vulnerable to cache poisoning
• Date Index
• Thread Index
• Author Index
• Historical