
List:       nfr-users
Subject:    [nfr-users] MAINTENANCE - DNS Version 19
From:       nfr-users () nfr ! com
Date:       2005-09-22 18:38:59
Message-ID: 200509221838.j8MIcx4i000336 () corsendonk ! hq ! nfr ! net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MAINTENANCE - DNS Version 19

WHY THIS IS IMPORTANT

Two false positive conditions were corrected in this release
of the DNS package's hijacking/cache poisoning backend.

TECHNICAL DETAILS

A bug in processing DNS Answer Resource Records allowed
records other than NS (Name Server) records to be treated as
a hijacking attack.  Certain caching DNS servers are
configured to add a local SOA (Source of Authority) record
to NS queries to direct administrative contact to the
proper server administrators.  This SOA record was mishandled.

One of the TLD servers for the ".edu" gTLD root zone was
left out of dns_hijack:GOOD_TLD_SERVERS, resulting in
occasional false positives on .edu queries.  Users who
have already loaded the dns_hijack backend onto their
sensors must add "h3.nstld.com" to dns_hijack:GOOD_TLD_SERVERS
manually.


REFERENCES

March 2005 DNS Poisoning Summary
	http://isc.sans.org/presentations/dnspoisoning.php 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (OpenBSD)

iD8DBQFDMvpD2gg0zDrtBaIRArwGAKD1SsseqBlzjlzB50AFWa9H13LQvACghukD
OYeqDVggn6vIxbljTNRcCmU=
=GvcR
-----END PGP SIGNATURE-----
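
The two false positives described under TECHNICAL DETAILS, as an added Python sketch that is not NFR's backend code. It assumes the check compares the server named in each answer record against an allowlist; the record layout, function names and every host name except h3.nstld.com are constructed for illustration.

```python
from typing import NamedTuple

class RR(NamedTuple):
    """Simplified answer record (assumed layout, not the sensor's own)."""
    name: str   # owner name
    rtype: str  # record type: "NS", "SOA", ...
    rdata: str  # NS: server host name; SOA: primary server field only

def norm(host: str) -> str:
    # DNS names are case-insensitive and may carry a trailing root dot.
    return host.rstrip(".").lower()

def flag_all_types(answers, good):
    """Pre-fix behaviour as described: any record type can raise an alert."""
    return [rr for rr in answers if norm(rr.rdata) not in good]

def flag_ns_only(answers, good):
    """Post-fix behaviour: only NS records are checked against the allowlist."""
    return [rr for rr in answers
            if rr.rtype == "NS" and norm(rr.rdata) not in good]

# Constructed allowlists standing in for dns_hijack:GOOD_TLD_SERVERS.
OLD_GOOD = {"tld-a.example"}             # h3.nstld.com missing
NEW_GOOD = OLD_GOOD | {"h3.nstld.com"}   # manual addition from the notice

# Constructed answer section: two NS records plus a cache-added local SOA.
EDU_ANSWER = [
    RR("edu.", "NS", "tld-a.example."),
    RR("edu.", "NS", "H3.NSTLD.COM."),
    RR("edu.", "SOA", "ns.cache.example."),
]
# Constructed answer with an NS record pointing outside the allowlist.
SPOOFED = EDU_ANSWER[:2] + [RR("edu.", "NS", "ns.rogue.example.")]

if __name__ == "__main__":
    cases = [
        ("all types, old list", flag_all_types, EDU_ANSWER, OLD_GOOD),
        ("NS only, old list", flag_ns_only, EDU_ANSWER, OLD_GOOD),
        ("NS only, new list", flag_ns_only, EDU_ANSWER, NEW_GOOD),
        ("NS only, spoofed", flag_ns_only, SPOOFED, NEW_GOOD),
    ]
    for label, check, answers, good in cases:
        print(f"{label}: {[rr.rdata for rr in check(answers, good)]}")
```

Restricting the check to NS records removes the SOA alert, and the allowlist addition removes the .edu alert, while an NS record outside the list is still reported.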