Subject: Re: why is bash trying to access my DNS?
From: David Means
To: cygwin AT cygwin DOT com
Date: 04 Mar 2003 22:01:18 -0500
Message-Id: <1046833278.7787.45.camel@milo>
In-Reply-To: <5.2.0.9.2.20030303215029.02dda4a0@pop3.cris.com>

Randall:

There's nothing that a legitimate DNS server can elicit from a client. Although, in some special cases, clients can be hacked by specially crafted DNS responses. However, if a system is infected with a trojan, then obviously said system has the potential to be used as a zombie for attacking any server.

In this instance (regarding DNS), ZoneAlarm would do you some good provided that you never send DNS queries outside of one's network. But exactly how plausible is that?

What I'm questioning is this: how helpful is the DNS activity alert on ZoneAlarm? Unless it's looking for the myriad of DNS vulnerabilities listed at CERT and other similar resources, then it's a fairly useless check, IMHO.

And given that it appears (from my limited perspective) to be flagging normal DNS traffic, then I'm of the opinion it's quite useless indeed for the application in which it's intended to be used, and has in this instance raised concern where none is actually warranted.

But to answer your original question regarding the data that can be "sneakily sent via a DNS request", check this out:

http://search.cert.org/query.html?col=certadv&col=vulnotes&ht=0&qp=&qt=DNS+BIND&qs=&qc=&pw=100%25&ws=1&la=en&qm=0&st=1&nh=25&lk=1&rf=2&rq=0&si=1

On Tue, 2003-03-04 at 00:53, Randall R Schulz wrote:
> David,
>
> At 21:20 2003-03-03, David Means wrote:
> >On Mon, 2003-03-03 at 23:59, Randall R Schulz wrote:
> > > Geoffrey,
> > >
> > > ...
> > >
> > > Oops. I mean what data can sneakily be sent via a DNS request?
> > >
> > > Randall Schulz
> >
> >Actually, plenty. Historically, Bind has been easily
> >hacked. Although it's been a while since a good vulnerability was
> >found in Bind, that doesn't mean there's not an unknown hole in it
> >which could be exploited.
>
> Please be specific. What information can be elicited by the DNS server
> from the DNS client when the client makes a DNS request?
>
> I really think there are more important things to worry about, but I'd
> like to learn how I might be wrong.
>
>
> >--
> >David Means
>
>
> Randall Schulz
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/

--
David Means

Being a programmer is like being married: You talk to your spouse about lots of things, only to find that something you said (and promptly forgot) has come back to bite you in the ass months later.
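The question in this thread is what a client actually puts on the wire when it makes a DNS request. As an added illustration (not code from the thread; the sample packet is constructed), here is a parser for the RFC 1035 query format that enumerates every field a client supplies, which is also what a host firewall alert on outbound DNS has to judge from:

```python
import struct

# Constructed sample: the bytes a resolver client sends for "www.example.com" A/IN
# (RFC 1035 wire format, as seen on UDP/53). Not taken from the original thread.
SAMPLE_QUERY = bytes.fromhex(
    "1a2b"                       # ID: transaction id chosen by the client
    "0100"                       # flags: QR=0 (query), opcode 0, RD=1
    "0001" "0000" "0000" "0000"  # QDCOUNT=1; ANCOUNT, NSCOUNT, ARCOUNT=0
    "03777777" "076578616d706c65" "03636f6d" "00"  # www.example.com + root label
    "0001" "0001"                # QTYPE=A, QCLASS=IN
)

def read_name(pkt, off):
    """Decode a label sequence starting at off; return (name, new_off)."""
    labels = []
    while True:
        length = pkt[off]
        off += 1
        if length == 0:
            break
        if length >= 0xC0:
            # Compression pointers only make sense in responses; a client
            # query should not contain one, so treat it as malformed.
            raise ValueError("compression pointer in query name")
        if length > 63:
            raise ValueError("label longer than 63 octets")
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), off

def parse_query(pkt):
    """Return every field a client puts on the wire in a standard DNS query."""
    if len(pkt) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    off = 12
    questions = []
    for _ in range(qd):
        name, off = read_name(pkt, off)
        qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        questions.append({"qname": name, "qtype": qtype, "qclass": qclass})
    return {
        "id": ident,
        "recursion_desired": bool(flags & 0x0100),
        "questions": questions,
        # A well-formed query has no records beyond the question section, so
        # non-zero counts or trailing bytes are what a monitor should look at.
        "extra_records": an + ns + ar,
        "trailing_bytes": len(pkt) - off,
    }
```

Beyond the transaction id and flag bits, the only client-chosen content is the question name, type and class; anything else in the datagram is a deviation from the standard format.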