Unapproved AXFR?
Lars-Johan Liman
liman at sunet.se
Tue Dec 14 15:59:49 UTC 1999

sthaug at nethelp.no:
> I used to be of that opinion also. Then somebody transferred most of the
> zones from a server which is slave for several thousand zones - and soon
> afterwards we saw attacks which were obviously based on information from
> those zone files. We stopped public zone transfers after that incident.

I understand, but that is not a technical reason. The information is
available anyhow. You just dig out the IP address of their mail and
web servers, and do a spread spectrum attack to that vicinity. You
don't even have to bother with the domain names.

They _are_ going to attack your systems - sometime. Don't sit around
hoping that blocking zone transfers is going to keep them out.

It's like saying: By not telling you where my house is, I'm sure
you'll never find it, so I don't have to put a lock on it.

OK, I'm overstating, but you get the general idea.

Cheers,
/Liman
#----------------------------------------------------------------------
# Lars-Johan Liman, Systems Specialist ! E-mail: liman at sunet.se
# KTH Network Operations Centre ! HTTP : //www.sunet.se/~liman
# Royal Institute of Technology, Sweden ! Voice : Int +46 8 - 790 65 60
#----------------------------------------------------------------------