Re: [Full-disclosure] Exploiting Microsoft dynamic Dns updates



On Thu, 22 Mar 2007 11:35:18 +0100 Andres Tarasco wrote:

By default, most Microsoft DNS servers integrated with active directory allow
insecure dynamic updates for dns records.

This statement is way too broad. Creating an AD-integrated zone in Windows
Server 2003 does create a "secure updates only" zone by default. You can
influence this behavior in the zone creation wizard though.

dnsfun exploits that weak configuration and allows remote users to modify dns records.

I am not sure if I do see the point in rewriting nsupdate from bindtools. I
am also quite uncertain if this really might count as a "hacker" or
"security" tool of any kind.

--
Denis Jedig
syneticon networks GbR http://syneticon.net/service/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: Determining where nonsecure updates come from
    ... I've changed the zone ... is overwriting some records (maybe a unix bind server). ... and all was well until I had to change it to another subnet. ... If using only secure updates stops it, set it to Only secure updates and ...
    (microsoft.public.windows.server.dns)
  • Re: Exploiting Microsoft dynamic Dns updates
    ... insecure dynamic updates for dns records. ... Server 2003 does create a "secure updates only" zone by default. ...
    (Bugtraq)
  • Re: RWW not connecting to desktop BOSS
    ... Open DHCP server, right click the server's FQDN and select Properties. ... Navigate to DNS tab. ... To configure the zone to permit dynamic updates, ... click Non-secure and secure in the Dynamic updates ...
    (microsoft.public.windows.server.sbs)
  • RE: exchange server cannot mount mailbox store
    ... What's the exact detailed DNS Events ... Type desired internal IP address of your SBS server. ... it will delete the reverse lookup zone if the zone no longer ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Simple DNS For Private LAN -- SOLVED
    ... I used your examples and the "view" statement mentioned my Mathew Seaman to build a BIND 9 DNS server that is authoritative for mykitchentable.net. ... a local "master zone" visible only to my private LAN as you describe ... internal home network. ... which points to the root DNS servers. ...
    (freebsd-questions)