Registry key for "QueryIpMatching"
From: Makoto Shiotsuki (shio@ST.RIM.OR.JP)Date: 07/31/02
- Previous message: Georgi Guninski: "IE and .xla may lead to problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Jul 2002 10:35:54 +0900 From: Makoto Shiotsuki <shio@ST.RIM.OR.JP> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
As described in the CERT Vulnerability Note VU#458659, there is
a registry entry "QueryIpMatching" to prevent W2K DNS resolver
from accepting responses from non-queried DNS servers.
Many documents including VU#458659, ISS X-Force#4280, and DNS
white papers from Microsoft indicate that the registry location
for "QueryIpMatching" is;
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters
But as far as I and another person tried, correct location is;
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
This registry location (...\Tcpip\Parameters) is described in
"Microsoft Windows 2000 TCP/IP Implementation Details".
I hope this confusion will be cleared up.
References:
CERT/CC Vulnerability Note VU#458659
http://www.kb.cert.org/vuls/id/458659
ISS X-Force win2k-dns-resolver (4280)
http://www.iss.net/security_center/static/4280.php
DNS Caching, Network Prioritization, and Security
http://www.microsoft.com/
technet/prodtechnol/winxppro/reskit/prjj_ipa_vitx.asp
Microsoft Windows 2000 TCP/IP Implementation Details
http://www.microsoft.com/
TechNet/itsolutions/network/deploy/depovg/tcpip2k.asp
(Thanks Noda-san for the testing ;)
Makoto Shiotsuki
- Previous message: Georgi Guninski: "IE and .xla may lead to problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
