Security Basics mailing list archives
Re: opened DNS servers = danger ?
From: Gouki <Gouki () GoukiHQ org>
Date: Thu, 07 Dec 2006 01:05:58 +0000
Hi list,

I may be saying something awfully wrong, so *please* warn me if that is the case.

From what I've learned, DNS servers configured to allow recursive name resolution requests may also be used in a DDoS attack, where the source field of the IP packet can be tampered with in order to insert the victim's IP address, and not the IP of the person who made the request in the first place. So, what happens is that a lot of clients make a name resolution request to a server allowing recursive DNS requests and all of these 'answers' are delivered to the victim, instead of the clients who made the request.

Things can get even worse when EDNS0 is used. Basically EDNS0 adds an OPT record to the packet the client (malicious user who is sending name resolutions to the DNS server) sends, 'warning' that the user (target of the attack) accepts packets larger than what is standard.

Like I said, this may be wrong, but it's what I understood from something I read a couple of years ago.

I recommend reading this article on Wikipedia[0] about security on DNS servers.

[0] - http://en.wikipedia.org/wiki/DNSSEC

Goodbye.

Tiago Faria
Norbert François wrote:

I was surfing, and I found a page where you can download a decent list of (recursive) opened DNS servers. Then, I've 2 questions:

-> What does "opened" DNS mean? 'Cause when I travel, I'm still (sometimes I don't know the DNS of the current ISP) using my ISP's DNS (even if my IP doesn't belong to my ISP).

-> What's the danger of an opened DNS? How to protect? Is it dangerous for the end-user?
--
Fingerprint: 4B36 0BC2 82CE 6858 4893 7132 BC98 A7E4 3482 BA17
Size / Type: 1024/DSA
Availability: MIT's PKS - pgp.mit.edu
Homepage: GoukiHQ.org
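As an added illustration of the pattern Gouki describes (this is not code from the original thread), the following Python snippet replays constructed resolver log records and flags the two things a resolver operator would watch for: recursion served to addresses outside the networks the resolver is meant for, and queries advertising a large EDNS0 buffer whose responses are many times the size of the query. The allowed network, the record fields and the thresholds are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: this resolver is only meant to serve clients in this network.
ALLOWED_NETS = [ip_network("192.0.2.0/24")]

@dataclass
class QueryRecord:
    client: str          # source address as seen by the resolver (spoofable)
    qname: str
    rd: bool             # recursion-desired flag set by the client
    edns_bufsize: int    # UDP payload size advertised in the EDNS0 OPT record, 0 if absent
    query_bytes: int
    response_bytes: int

def check_record(rec, allowed_nets=ALLOWED_NETS, ratio_threshold=10.0):
    """Classify one record; returns (flagged, reason)."""
    if not rec.rd:
        return False, "non-recursive query"
    ratio = rec.response_bytes / rec.query_bytes
    outside = not any(ip_address(rec.client) in net for net in allowed_nets)
    if outside:
        return True, "recursion served to a client outside the allowed networks"
    if rec.edns_bufsize >= 4096 and ratio >= ratio_threshold:
        return True, "large EDNS0 buffer with high response/query byte ratio"
    return False, "ok"

def summarize(records, allowed_nets=ALLOWED_NETS):
    """Per-client totals for flagged records: query count, response bytes, reasons."""
    out = {}
    for rec in records:
        flagged, reason = check_record(rec, allowed_nets)
        if flagged:
            entry = out.setdefault(rec.client, {"queries": 0, "response_bytes": 0, "reasons": set()})
            entry["queries"] += 1
            entry["response_bytes"] += rec.response_bytes
            entry["reasons"].add(reason)
    return out

# Constructed sample records (not real traffic). 203.0.113.9 plays the spoofed
# victim address: the resolver sees it "asking" for recursion from outside
# the served network and sends it the large answers.
SAMPLE = [
    QueryRecord("192.0.2.10", "example.com", True, 512, 40, 120),
    QueryRecord("203.0.113.9", "example.com", True, 4096, 60, 3200),
    QueryRecord("203.0.113.9", "example.com", True, 4096, 60, 3200),
    QueryRecord("198.51.100.7", "example.net", False, 0, 40, 90),
    QueryRecord("192.0.2.11", "example.org", True, 4096, 60, 3000),
]

if __name__ == "__main__":
    for client, stats in summarize(SAMPLE).items():
        print(client, stats["queries"], stats["response_bytes"], sorted(stats["reasons"]))
```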