potential DNS security issue
From: Chris (chris23_at_ic-2000.com)
Date: 12/21/04
- Next message: Steve Riley [MSFT]: "Re: Security for Windows 2000 Server"
- Previous message: ambharish: "Security for Windows 2000 Server"
- Next in thread: Steven L Umbach: "Re: potential DNS security issue"
- Reply: Steven L Umbach: "Re: potential DNS security issue"
- Reply: Steve Clark [MSFT]: "Re: potential DNS security issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Dec 2004 12:53:57 -0500
I posted this to the dns group, but thought it might be appropriate here
too. I think this is a security issue as well:
This morning on of our DNS servers started responding to all requests with
the same IP address. The only exceptions were sites that the server was
authoritative for. I fixed it by clearing the cache, but I have to wonder
how this is happening. This server runs Windows 2000 dns and has the
"secure cache against pollution" option set (and I confirmed it in the
registry).
I contacted Microsoft and they had no idea what might be happening. They
thought that one of the root servers may have been compromised. I find this
hard to believe however. I found this link on the web:
http://www.atsnn.com/story/105049.html which describes a similar situation.
It appears that this has occured to others over the last few weeks, and any
root server problems probably would have been dealt with.
Has anyone seen this before. It seems like a vulnerability that has not yet
been addressed. However, maybe its just a vulnerability in DNS in general.
Any thoughts?
- Next message: Steve Riley [MSFT]: "Re: Security for Windows 2000 Server"
- Previous message: ambharish: "Security for Windows 2000 Server"
- Next in thread: Steven L Umbach: "Re: potential DNS security issue"
- Reply: Steven L Umbach: "Re: potential DNS security issue"
- Reply: Steve Clark [MSFT]: "Re: potential DNS security issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
