BIND ignores queries from specific privileged source ports

Grant Taylor gtaylor at tnetconsulting.net
Mon Jun 10 16:37:31 UTC 2019


On 6/7/19 8:44 PM, Mark Andrews wrote:
> Named drops those ports as they can be used in reflection attacks. 
> Sane NAT developers avoid those ports for just that reason.  The full 
> list is below.

I understand the logic behind avoiding potentially problematic ports.

But I don't understand the actual attack scenario.  Is the attack 
against the BIND server?  I.e. in an attempt to cause BIND to establish 
a never-ending loop of packets between itself and the purported address? 
Or is this an attempt to cause BIND to attack a spoofed source with 
said loop?

Nor do I understand why BIND couldn't differentiate between an actual 
query vs a reflected reply, daytime response, chargen, or time packet.

Will someone please explain what I'm failing to understand?



-- 
Grant. . . .
unix || die
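A toy model of the scenario Mark describes, added here as an illustration and not code from the thread or from BIND: a single spoofed datagram claiming to come from a host's chargen port is enough to start an endless exchange if the resolver answers everything it accepts, and dropping queries from the reflector ports ends it at the first packet. The port set and hostnames are constructed, and the model assumes the resolver sends an error response to unparsable input rather than silently discarding it.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Source ports the model refuses to answer: echo, daytime, chargen, time.
# Constructed subset for illustration; the full list Mark refers to is not reproduced here.
PRIVILEGED_REFLECTOR_PORTS = {7, 13, 19, 37}

Addr = Tuple[str, int]


@dataclass(frozen=True)
class Datagram:
    src: Addr
    dst: Addr
    payload: bytes


def resolver(dgram: Datagram, drop_privileged: bool) -> Optional[Datagram]:
    """Resolver on UDP/53. Model assumption: it answers every datagram it accepts,
    returning an error response to anything it cannot parse, so a chargen line
    arriving on port 53 still draws a reply. With filtering on, datagrams whose
    source port is a reflector port are dropped silently instead."""
    if drop_privileged and dgram.src[1] in PRIVILEGED_REFLECTOR_PORTS:
        return None
    return Datagram(src=dgram.dst, dst=dgram.src, payload=b"<dns answer or FORMERR>")


def chargen(dgram: Datagram) -> Datagram:
    """chargen on UDP/19: any datagram, whatever its content, gets a line of text back."""
    return Datagram(src=dgram.dst, dst=dgram.src, payload=b"!\"#$%&'()*+,-./0123456789")


def simulate(drop_privileged: bool, src_port: int, max_packets: int = 1000) -> int:
    """Inject one datagram whose (possibly spoofed) source is victim:src_port and
    count the packets delivered before the exchange dies out or hits the cap."""
    victim: Addr = ("victim.example", src_port)
    resolver_addr: Addr = ("resolver.example", 53)
    packet: Optional[Datagram] = Datagram(victim, resolver_addr, b"looks like a query")
    delivered = 0
    while packet is not None and delivered < max_packets:
        delivered += 1
        if packet.dst[1] == 53:
            packet = resolver(packet, drop_privileged)
        elif packet.dst[1] == 19:
            packet = chargen(packet)
        else:
            packet = None  # ephemeral port on the victim: nothing listening, exchange ends
    return delivered


if __name__ == "__main__":
    print("spoofed from chargen, filtering off:", simulate(False, 19))   # 1000 (capped loop)
    print("spoofed from chargen, filtering on: ", simulate(True, 19))    # 1
    print("ordinary query from port 40000:     ", simulate(True, 40000)) # 2
```

The third case shows the filter costs nothing for a normal client, whose ephemeral source port is never in the blocked set.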
