[linux-elitists] Applications and the infamous DNS vulnerability

Matthew Galgoci mgalgoci@redhat.com
Thu Jul 24 10:38:14 PDT 2008


> Date: Thu, 24 Jul 2008 09:40:04 -0700
> From: Don Marti <dmarti@zgp.org>
> To: linux-elitists <linux-elitists@zgp.org>
> Subject: [linux-elitists] Applications and the infamous DNS vulnerability
>
> On a properly set up home or office network, it should
> be difficult to poison the nameserver completely
> from the outside -- for a long time it's been best
> practice to put your public DNS on a separate machine.
>
> Of course an attacker can easily trick an application
> on the inside into doing a bunch of DNS queries --
> the simplest example is that a user could visit a
> malicious web page with a bunch of images.

Or send a flood of spam with rfc1918 addresses in the headers
that you actually happen to use internally.

-- 
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155



More information about the linux-elitists mailing list