[linux-elitists] Applications and the infamous DNS vulnerability
Thu Jul 24 10:38:14 PDT 2008
> Date: Thu, 24 Jul 2008 09:40:04 -0700
> From: Don Marti <email@example.com>
> To: linux-elitists <firstname.lastname@example.org>
> Subject: [linux-elitists] Applications and the infamous DNS vulnerability
> On a properly set up home or office network, it should
> be difficult to poison the nameserver completely
> from the outside -- for a long time it's been best
> practice to put your public DNS on a separate machine.
> Of course an attacker can easily trick an application
> on the inside into doing a bunch of DNS queries --
> the simplest example is that a user could visit a
> malicious web page with a bunch of images.
Or send a flood of spam with rfc1918 addresses in the headers
that you actually happen to use internally.
Red Hat, Inc
More information about the linux-elitists