Possible DNS cache poisoning attack
Byung-Hee HWANG
bh at izb.knu.ac.kr
Wed Oct 29 23:34:58 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rob Tanner wrote:
> Or, at least that's what it looks like.
> Last nigh (Oct 28) we were barraged by thousands of emails with a return
> path of facebookmail.com. Our MTA checks the return path of each
> incoming message so as to reject anything that can't be replied to.
> That, of course, requires a DNS lookup but every attempt to lookup
> facebookmail.com timed out and when I flushed the cache, it would
> resolve for a short while and then hang again until a again flushed my
> cache. This effectively brought both of my email edge servers to their
> knees as all the SMTP connections were tied up while the server was
> waiting on DNS.
>
> I upgraded back in July when the major security bug was discovered and
> my name servers all run BIND 9.5.0-P1. I know there were a couple of
> Windows specific updates since then which I ignored because I'm running
> on Linux. Is that version otherwise at risk and do I need to update for
> security reasons?
i'm not expert about ISC's bind program. however, let me say this, a few
weeks ago my advisor for DNS recommended for using DNSSEC
<URL:http://en.wikipedia.org/wiki/DNSSEC>. he emphasized it's the best
practice against for the attack of DNS cache poisoning. and now i'm
studying about that ..;;
byunghee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iEYEARECAAYFAkkI8yIACgkQsCouaZaxlv60NgCfUy6PaQYhPYEWfStYlyKKMYrP
XY4An1SgOg0XWQuXYi3QtuthNYP6YYaI
=V/gI
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list