Re: [Full-disclosure] Exploiting Microsoft dynamic Dns updates



On Thu, 22 Mar 2007 11:35:18 +0100 Andres Tarasco wrote:

By default, most Microsoft DNS servers integrated with active directory allow
insecure dynamic updates for dns records.

This statement is way too broad. Creating an AD-integrated zone in Windows
Server 2003 does create a "secure updates only" zone by default. You can
influence this behavior in the zone creation wizard though.

dnsfun exploits that weak configuration and allows remote users to modify dns records.

I am not sure if I do see the point in rewriting nsupdate from bindtools. I
am also quite uncertain if this really might count as a "hacker" or
"security" tool of any kind.

--
Denis Jedig
syneticon networks GbR http://syneticon.net/service/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: Determining where nonsecure updates come from
    ... I've changed the zone ... is overwriting some records (maybe a unix bind server). ... and all was well until I had to change it to another subnet. ... If using only secure updates stops it, set it to Only secure updates and ...
    (microsoft.public.windows.server.dns)
  • Re: Exploiting Microsoft dynamic Dns updates
    ... insecure dynamic updates for dns records. ... Server 2003 does create a "secure updates only" zone by default. ...
    (Bugtraq)
  • RE: exchange server cannot mount mailbox store
    ... What's the exact detailed DNS Events ... Type desired internal IP address of your SBS server. ... it will delete the reverse lookup zone if the zone no longer ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Simple DNS For Private LAN -- SOLVED
    ... I used your examples and the "view" statement mentioned my Mathew Seaman to build a BIND 9 DNS server that is authoritative for mykitchentable.net. ... a local "master zone" visible only to my private LAN as you describe ... internal home network. ... which points to the root DNS servers. ...
    (freebsd-questions)
  • Re: DNS Redesign Issue
    ... -Using DNS console you can right-click the zone and export to a File, ... -To export a Zone and import that Zone in another DNS Server you need to use ... Create a child zone dallas on the DNS server in the child domain ...
    (microsoft.public.windows.server.dns)