| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200306271820.h5RIKdjK010807@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: food for thought -- root zone exposures On Thu, 26 Jun 2003 23:25:06 EDT, Len Rose <len@...sys.com> said: > http://www.ietf.org/internet-drafts/draft-ietf-dnsop-bad-dns-res-01.txt > > > At the risk of appearing somewhat jaundiced, I'll bet someone > that it's an M$ nameserver implementation that they're > referring to. Section 3 (client) is a combination of NAT, poor configuration on the ISP's part, and MS's ActiveDirectory. The basic scenario is that you get a Windows box that gets DHCP'ed with an RFC1918 space, and it tries to register itself. The local DNS doesn't know squat about the space because it's misconfigued, so the client walks up the tree. The ISP fails to do ingress filtering, and things go pear-shaped quickly. And it's worse than that I-D says - see this for a hint HOW bad: http://www.nanog.org/mtg-0210/wessels.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030627/86dc8e29/attachment.bin
Powered by blists - more mailing lists