North American Network Operators Group


Re: Multiple DNS implementations vulnerable to cache poisoning

  • From: Jay R. Ashworth
  • Date: Wed Jul 09 09:17:03 2008

On Wed, Jul 09, 2008 at 04:39:49AM -0400, Jean-François Mezei wrote:
> My DNS server made the various DNS requests from the same port and is
> thus vulnerable. (VMS TCPIP Services so no patches expected).

Well, yes, but unless I've badly misunderstood the situation, all
that's necessary to mitigate this bug is to interpose a non-buggy
recursive resolver between the broken machine and the Internet at
large, right?

So just make sure your corporate/campus edge router has a reasonable
named on it, and point everything broken at that, and you should be ok,
even though, as you note, DEC won't be updating VMS any time soon.  :-)

Cheers,
-- jr 'Compaq?  No, that's HP now, isn't it?' a
-- 
Jay R. Ashworth                   Baylink                      [email protected]
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
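
An added example (not part of the original message or thread): a Python check for finding which internal resolvers would need to be pointed at the forwarding resolver described above, by classifying the UDP source ports of their outbound queries as seen at the edge. The sample records, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (resolver IP, UDP source port) of outbound queries to
# port 53, in the order seen at the edge (e.g. from flow logs or a capture).
SAMPLE_QUERIES = (
    [("192.0.2.10", 53)] * 6                                   # one port, always
    + [("192.0.2.20", p) for p in (1025, 1026, 1027, 1029, 1030, 1031)]
    + [("192.0.2.30", p) for p in (51234, 33871, 60412, 12877, 45003, 28190)]
    + [("192.0.2.40", p) for p in (40112, 7731)]               # too few samples
)

def classify_ports(ports, min_samples=5, max_step=16):
    """Label one resolver's source-port behaviour from an ordered port list."""
    if len(ports) < min_samples:
        return "insufficient-data"
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed"
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(0 < s <= max_step for s in steps):
        return "sequential"
    if distinct < 0.8 * len(ports):
        return "low-variety"
    # "varied" only means no obvious pattern in this sample, not proven random.
    return "varied"

def resolvers_needing_forwarder(queries):
    """Return {resolver_ip: verdict} for hosts whose ports look predictable."""
    by_host = defaultdict(list)
    for ip, port in queries:
        by_host[ip].append(port)
    verdicts = {ip: classify_ports(ports) for ip, ports in by_host.items()}
    return {ip: v for ip, v in verdicts.items()
            if v in ("fixed", "sequential", "low-variety")}

if __name__ == "__main__":
    for ip, verdict in sorted(resolvers_needing_forwarder(SAMPLE_QUERIES).items()):
        print(f"{ip}: {verdict} source ports -> forward via patched resolver")
```

Forwarding only moves the exposure: the flagged host still queries from a predictable port, so the path between it and the forwarder has to be one where outsiders cannot inject spoofed replies.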