Registry key for "QueryIpMatching"
From: Makoto Shiotsuki (shio@st.rim.or.jp)
Date: 07/30/02
Date: Tue, 30 Jul 2002 13:30:41 +0900
To: focus-ms@securityfocus.com
From: Makoto Shiotsuki <shio@st.rim.or.jp>

As described in the CERT Vulnerability Note VU#458659, there is
a registry entry "QueryIpMatching" to prevent the W2K DNS resolver
from accepting responses from non-queried DNS servers.
Many documents including VU#458659, ISS X-Force#4280, and DNS
white papers from Microsoft indicate that the registry location
for "QueryIpMatching" is:
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters
But as far as I and another person tried, the correct location is:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
This registry location (...\Tcpip\Parameters) is described in
"Microsoft Windows 2000 TCP/IP Implementation Details".
I hope this confusion will be cleared up.
References:
CERT/CC Vulnerability Note VU#458659
http://www.kb.cert.org/vuls/id/458659
ISS X-Force win2k-dns-resolver (4280)
http://www.iss.net/security_center/static/4280.php
DNS Caching, Network Prioritization, and Security
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/prjj_ipa_vitx.asp
Microsoft Windows 2000 TCP/IP Implementation Details
http://www.microsoft.com/TechNet/itsolutions/network/deploy/depovg/tcpip2k.asp
(Thanks Noda-san for the testing ;)
Makoto Shiotsuki
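
A way to audit exported registry data for the placement problem this post describes, as an added example that is not part of the original message: it parses `regedit` export text and reports whether "QueryIpMatching" is set under the ...\Tcpip\Parameters key the post found to work or only under the ...\Dnscache\Parameters key. The function names, result labels, sample export, and the reading of a non-zero DWORD as "enabled" are assumptions.

```python
import re

# Key paths as given in the post, relative to HKEY_LOCAL_MACHINE (lowercased).
TCPIP = r"system\currentcontrolset\services\tcpip\parameters"
DNSCACHE = r"system\currentcontrolset\services\dnscache\parameters"
VALUE = "queryipmatching"

SECTION = re.compile(r"^\[(?:HKEY_LOCAL_MACHINE|HKLM)\\(.+)\]$", re.I)
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-f]{1,8})$', re.I)


def find_values(reg_text):
    """Return {lowercased key path: int} for every QueryIpMatching DWORD."""
    found, key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            key = m.group(1).lower() if m else None  # ignore other hives
            continue
        m = DWORD.match(line)
        if key and m and m.group(1).lower() == VALUE:
            found[key] = int(m.group(2), 16)
    return found


def audit(reg_text):
    """Classify an export by where QueryIpMatching is set."""
    found = find_values(reg_text)
    # Assumption: a non-zero DWORD means the check is switched on.
    if found.get(TCPIP, 0) != 0:
        return "set-under-tcpip"
    if found.get(DNSCACHE, 0) != 0:
        return "set-only-under-dnscache"
    return "not-set"


# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"QueryIpMatching"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="ws01"
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The input is export text that has already been decoded to a string; "set-only-under-dnscache" marks hosts configured from the documents the post says give the wrong location.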