Re: Why is bind important?

From: Drew (drew@sundawg.org)
Date: 07/07/02

• Next message: the Pull: "Re: cDc prepares user-friendly stego app!"
• Previous message: the Pull: "Re: cDc prepares user-friendly stego app!"
• In reply to: juan: "Re: Why is bind important?"
• Next in thread: Isaac To: "Re: Why is bind important?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Drew <drew@sundawg.org>
Date: Sat, 06 Jul 2002 22:50:21 GMT

In article <IYGV8.4061$Yx5.3527@newsread1.prod.itd.earthlink.net>, juan wrote:
> How? "help them to take over the rest of your network seems so vague..."
> portscanning,etc..
> can help also help take over the rest of your network...
>
>> Why is the DNS server security so important? Because taking over the
>> DNS server can help them to take over the rest of your network.

There are multiple types of attacks that can be perpetrated against a
DNS server. I don't claim to know all of them (or even most of them),
but here's a breakdown on some that I'm aware of (feel free to correct
me as appropriate).

One such "attack" is more of a misconfiguration of the DNS server. If
it allows zone transfers to anyone, then anyone can get a map of your
internal network. From a malcontent's perspective, this makes things
easier, as he wouldn't have to guess at server names, or IP addresses,
he'd have a list of both, that you provided him!

Another DNS attack is commonly called "cache poisoning". Imagine you
fire up your web browser and point to www.google.com. Typically, either
your DNS or your ISP's DNS (this assumes no host file listing) will
provide your browser with the IP address that maps to www.google.com.
But what if your DNS (or your ISP's) listed the wrong IP address? If
the IP address provided from the "poisoned cache" didn't exist,
ww.google.com has effectively been cut off.

Both of these examples are overly simplified, as my understanding of
them is not what it should be. But, that's why I'm hanging around here.
Maybe I'll learn something.

Drew

---

• Next message: the Pull: "Re: cDc prepares user-friendly stego app!"
• Previous message: the Pull: "Re: cDc prepares user-friendly stego app!"
• In reply to: juan: "Re: Why is bind important?"
• Next in thread: Isaac To: "Re: Why is bind important?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: IPS comparison ... >It might if your DNS server doesn't normally do this. ... and anomaly detection. ... analysis tool for network traffic, netflow, firewall logs, host logs, .etc, ... but anomaly detection is just that -- anomalies. ... (Focus-IDS) RE: DC Issues ... DCs are imputable to DNS server problems. ... For your replication, you should be aware that you will be needing two ... maintain the DCs connected in this network updated. ... Server is not responding or is not considered suitable. ... (microsoft.public.windows.server.active_directory) Re: How is DNS resolution working? ... >> and our DNS server on machine B is only on a private network, ... host on the external network ... It just happens that on the external network, there is a Windows domain ... (microsoft.public.win2000.networking) Re: Event errors ... need of a serious professional overhaul of your network, ... Event Source: NETLOGON ... authoritative DNS server required to process this update request has ... (microsoft.public.windowsxp.network_web) Re: How is DNS resolution working? ... >> and our DNS server on machine B is only on a private network, ... host on the external network ... It just happens that on the external network, there is a Windows domain ... (microsoft.public.win2000.dns)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2002-10