Mail Archives: cygwin/2003/03/04/22:01:30
--=-bYgT4GLBw76/fascZ973
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Randall:
There's nothing that a legitimate DNS server can elicit from a client.
Although, in some special cases, clients can be hacked by specially
crafted DNS responses.
However, if a system is infected with a trojan, then obviously said
system has the potential to be used as a zombie for attacking any
server. In this instance (regarding DNS), ZoneAlarm would do you some
good provided that you never send DNS queries outside of ones network.
But exactly how plausible is that? What I'm questioning is this: how
helpful is the DNS activity alert on ZoneAlarm? Unless it's looking for
the myriad of DNS vulnerablities listed at CERT and other similar
resources, then it's a farily usless check, IMHO. And given that it
appears (from my limited perspective) to be flagging normal DNS traffic,
then I'm of the opinion it's quite useless indeed for the application in
which it's intended to be used, and has in this instance raised concern
where none is actually warrented.
But to answer your original question regarding the data that can be
"sneakily sent via a DSN request", check this out:
http://search.cert.org/query.html?col=3Dcertadv&col=3Dvulnotes&ht=3D0&qp=3D=
&qt=3DDNS+BIND&qs=3D&qc=3D&pw=3D100%25&ws=3D1&la=3Den&qm=3D0&st=3D1&nh=3D25=
&lk=3D1&rf=3D2&rq=3D0&si=3D1
On Tue, 2003-03-04 at 00:53, Randall R Schulz wrote:
> David,
>=20
> At 21:20 2003-03-03, David Means wrote:
> >On Mon, 2003-03-03 at 23:59, Randall R Schulz wrote:
> > > Geoffrey,
> > >
> > > ...
> > >
> > > Oops. I mean what data can sneakily be sent via a DNS request?
> > >
> > > Randall Schulz
> >
> >Actually, plenty. Historically, Bind has been easily=20
> >hacked. Although it's been a while since a good vulnerability was=20
> >found in Bind, that doesn't mean there's not an unknown hole in it=20
> >which could be exploited.
>=20
> Please be specific. What information can be elicited by the DNS server=20
> from the DNS client when the client makes a DNS request?
>=20
> I really think there are more important things to worry about, but I'd=20
> like to learn how I might be wrong.
>=20
>=20
> >--
> >David Means
>=20
>=20
> Randall Schulz=20
>=20
>=20
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
--=20
David Means
Being a programmer is like being married: You talk to your
spouse about lots of things, only to find that something you=20
said (and promptly forgot) has come back to bite you in the ass=20
months later. =20
--=-bYgT4GLBw76/fascZ973
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEABECAAYFAj5laH0ACgkQUd0KwqAz4arMYgCfXCTkz5GD0sIIsdD0WAATFuX/
cqgAnAln/Fy7py6TfFsa0xi8riAaxO9g
=0b5h
-----END PGP SIGNATURE-----
--=-bYgT4GLBw76/fascZ973--
- Raw text -