Message-ID: <200311041835.hA4IZL011208@karoshi.com>
Date: Tue, 4 Nov 2003 10:35:21 -0800 (PST)
From: bmanning@...oshi.com
To: helen.england@...nstitute.org (Helen England [SAI])
Cc: pen-test@...urityfocus.com, bugtraq@...urityfocus.com,
secpapers@...urityfocus.com
Subject: Re: New DNS Security Paper
>
> Hi
>
> DNS is the most widely used protocol on the Internet yet many security
> professionals do not have a full understanding of the many weaknesses
> which surround it which are needed for Penetration Testing and day to
> day security.
>
> We have released a paper on DNS security taken from our
> DefensiveDeployment course within which we highlight basic and advanced
> DNS attacks. Please download from the below link.
>
> http://sainstitute.org/articles/dns.htm
>
> Helen England ESA
>
> DefensiveHacking | DefensiveDeployment | DefensiveForensics comes to UK
> and Saudi Arabia
> http://sainstitute.org/uk/
> Expert Security Associate (ESA)
>
>
You might have considered looking at the following document,
as it properly describes the true threat model to the DNS
as it currently stands.

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS Extensions Working Group of the IETF.

Title     : Threat Analysis Of The Domain Name System
Author(s) : D. Atkins, R. Austein
Filename  : draft-ietf-dnsext-dns-threats-04.txt
Pages     : 15
Date      : 2003-10-27

Although the DNS Security Extensions (DNSSEC) have been under
development for most of the last decade, the IETF has never written
down the specific set of threats against which DNSSEC is designed to
protect. Among other drawbacks, this cart-before-the-horse situation
has made it difficult to determine whether DNSSEC meets its design
goals, since its design goals are not well specified. This note
attempts to document some of the known threats to the DNS, and, in
doing so, attempts to measure to what extent (if any) DNSSEC is a
useful tool in defending against these threats.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dns-threats-04.txt

--bill manning