Re: [Full-Disclosure] food for thought -- root zone exposures
Valdis.Kletnieks_at_vt.edu
Date: 06/27/03
- Previous message: Schmehl, Paul L: "RE: [Full-Disclosure] Adminstrivia: Digest Limits/Netiquette"
- In reply to: Len Rose: "[Full-Disclosure] food for thought -- root zone exposures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Len Rose <len@netsys.com> Date: Fri, 27 Jun 2003 14:20:39 -0400
On Thu, 26 Jun 2003 23:25:06 EDT, Len Rose <len@netsys.com> said:
> http://www.ietf.org/internet-drafts/draft-ietf-dnsop-bad-dns-res-01.txt
>
>
> At the risk of appearing somewhat jaundiced, I'll bet someone
> that it's an M$ nameserver implementation that they're
> referring to.
Section 3 (client) is a combination of NAT, poor configuration on the ISP's part,
and MS's ActiveDirectory. The basic scenario is that you get a Windows box
that gets DHCP'ed with an RFC1918 space, and it tries to register itself. The local
DNS doesn't know squat about the space because it's misconfigued, so the client
walks up the tree. The ISP fails to do ingress filtering, and things go pear-shaped quickly.
And it's worse than that I-D says - see this for a hint HOW bad:
http://www.nanog.org/mtg-0210/wessels.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
- Previous message: Schmehl, Paul L: "RE: [Full-Disclosure] Adminstrivia: Digest Limits/Netiquette"
- In reply to: Len Rose: "[Full-Disclosure] food for thought -- root zone exposures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
