[kwlug disc.] DNS security threat
Insurance Squared Inc.
gcooke at insurancesquared.com
Fri Aug 1 10:27:39 EDT 2008
Is that correct, about running an internal DNS? Because that's exactly
what I do (DNS on local server, behind my home router/firewall. It
serves to the public only my domains and serves the internal network
with any domain). Yet the testing tool shows my DNS as being unsafe.
It's not clear to me, because it's not even clear to me what the exploit
is - unsure if they've even released this.
Are there patches available for the common DNS packages like bind?
g.
Rashkae wrote:
> Paul Nijjar wrote:
>
>
>> One big problem appears to be NAT -- even if the upstream DNS server
>> is okay, the way that NAT deals with ports can screw things up again.
>> I am worried about this because our IPCop box is doing NAT.
>>
>
> Your NAT won't make any difference whatsoever. NAT only makes things
> more complicated if the DNS server is behind one, because the DNS
> 'patch' on the DNS server can no longer randomize the port at which the
> DNS server tries to do its magic.
>
>> As of right now my runs on doxpara.com are still returning that Rogers
>> is vulnerable. Could somebody else who is on Rogers (and maybe who is
>> not using NAT) verify this? I have been trying to track down
>> confirmation on the web but I keep getting results about the Rogers
>> decision to redirect bad DNS connections to advertising pages instead.
>
> I would just install Bind on a local machine of my network and use that
> as my DNS server. It's much faster and more reliable than Rogers'
> overloaded systems, and even if you don't update, as long as you are
> behind a firewall, this attack is effectively neutered. (To be more
> precise, the attack would have to be launched from a PC within your
> network, directed at a DNS server the attacker doesn't even see from
> outside your network. Though theoretically very possible, I'm not
> seeing this as a likely in-the-wild method. In any case, all distros
> currently maintained have had a patch for weeks!)
>
--
Glenn Cooke
Insurance Squared Inc.
www.insurancesquared.com
1-866-779-1499
Agent discussion forum: http://www.americaninsurancebroker.com
Free US broker directory: http://directory.americaninsurancebroker.com
Free Canadian broker directory: http://www.canadianinsurancebroker.com
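The "unsafe" verdict from the testing tool, and Rashkae's point that a NAT box can undo the resolver's port randomization, both come down to one measurable property: whether the resolver's outbound queries spread their source ports (and transaction IDs) widely, or whether something in the path has collapsed them to a fixed or sequential range. The checker below is an added example, not code from this thread or from any of the testing sites mentioned; it works on constructed samples of (source port, txid) pairs, standing in for what a packet capture on the WAN side of the router would show.

```python
"""Score a resolver's outbound DNS queries for source-port and
transaction-ID randomness, the property a doxpara-style test measures
and the one a NAT device can undo by rewriting ports sequentially."""
import math
import random
from collections import Counter

def entropy_bits(values):
    """Shannon entropy (bits) of the observed value distribution."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_sequential(values, tolerance=0.8):
    """True if at least `tolerance` of consecutive samples step by +1,
    the signature of a NAT handing out ports in order."""
    if len(values) < 2:
        return False
    steps = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return steps / (len(values) - 1) >= tolerance

def assess(queries):
    """queries: list of (source_port, txid) seen leaving the resolver.
    Returns a verdict plus the observed entropy and the reasons, if any."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    n = len(queries)
    # n samples can show at most log2(n) bits, so compare against that
    max_bits = math.log2(n) if n > 1 else 0.0
    port_bits, txid_bits = entropy_bits(ports), entropy_bits(txids)
    reasons = []
    if len(set(ports)) == 1:
        reasons.append("fixed source port")
    elif looks_sequential(ports):
        reasons.append("sequential source ports")
    elif port_bits < 0.9 * max_bits:
        reasons.append("low source port entropy")
    if txid_bits < 0.9 * max_bits:
        reasons.append("low transaction ID entropy")
    return {"verdict": "unsafe" if reasons else "safe",
            "port_bits": round(port_bits, 2),
            "txid_bits": round(txid_bits, 2),
            "reasons": reasons}

# Constructed sample data (seeded, not real captures).
_rng = random.Random(2008)
# Patched resolver with nothing rewriting its ports.
SAFE_SAMPLE = [(_rng.randint(1024, 65535), _rng.randint(0, 65535)) for _ in range(64)]
# Same resolver behind a NAT that reassigns source ports in order.
NATTED_SAMPLE = [(1024 + i, _rng.randint(0, 65535)) for i in range(64)]
# Unpatched resolver that always queries from port 53.
FIXED_SAMPLE = [(53, _rng.randint(0, 65535)) for _ in range(64)]

if __name__ == "__main__":
    for name, sample in [("safe", SAFE_SAMPLE), ("natted", NATTED_SAMPLE),
                         ("fixed", FIXED_SAMPLE)]:
        print(name, assess(sample))
```

Running the three samples shows the difference the thread is arguing about: the NAT'd resolver has good transaction IDs but is still flagged, because its ports are predictable from the outside.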