Bugtraq mailing list archives
Weird behavior of MS's NT4 DNS
From: luttgenj () KIC OR JP (Jason T. Luttgens)
Date: Fri, 7 Feb 1997 09:04:17 +-900
We recently converted our primary DNS server from a Unix host running BIND to NT4 running MS's DNS. One of the many problems we are experiencing is that our web server is no longer denying all the hosts that it should from getting into restricted areas. We noticed that in the in-addr cache it was creating entries that had hostnames that were nonexistent in our domain. At first we could not figure out where these names were coming from. After doing extensive testing from a host that was outside of the allowed domain, we found that somehow the MS DNS server is communicating with the remote host, and if it has an MS network name (i.e. Win95 or WFWG machine), it uses that name and tags our domain onto it!!!!...and grants them access to the restricted portion of our web server!

I do not have books on the MS DNS server, so there may be a setting that I can switch to stop this...if anyone knows it, please e-mail me.

Here is a copy of a snoop to the remote host on Solaris 2.5.....

Using device /dev/le (promiscuous mode)
dns -> remote.host UDP D=137 S=137 LEN=58
dns -> remote.host UDP D=137 S=137 LEN=58
remote.host -> dns RPC R XID=2968159232
remote.host -> dns RPC R XID=3776218112
dns -> remote.host UDP D=137 S=137 LEN=58
dns -> remote.host UDP D=137 S=137 LEN=58
remote.host -> dns RPC R XID=2970256384
remote.host -> dns RPC R XID=2970518528
dns -> remote.host UDP D=137 S=137 LEN=58
dns -> remote.host UDP D=137 S=137 LEN=58
dns -> remote.host UDP D=137 S=137 LEN=58
remote.host -> dns RPC R XID=2972484608

Anyone know what this is ???

(I lost the NT BUGTRAQ Address)
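Added example, not part of the original post: a Python sketch that tallies the snoop summary lines quoted above, counting the datagrams the DNS host sends to UDP port 137 (the NetBIOS name service port) and the packets each probed peer sends back. The function name `netbios_probes` is an assumption made for illustration; the host labels `dns` and `remote.host` are the capture's own.

```python
import re

NETBIOS_NS_PORT = 137  # UDP 137 is the NetBIOS name service port

# Sample input: the snoop summary lines quoted in the post.
SNOOP_SAMPLE = """\
Using device /dev/le (promiscuous mode)
dns -> remote.host UDP D=137 S=137 LEN=58
dns -> remote.host UDP D=137 S=137 LEN=58
remote.host -> dns RPC R XID=2968159232
remote.host -> dns RPC R XID=3776218112
dns -> remote.host UDP D=137 S=137 LEN=58
dns -> remote.host UDP D=137 S=137 LEN=58
remote.host -> dns RPC R XID=2970256384
remote.host -> dns RPC R XID=2970518528
dns -> remote.host UDP D=137 S=137 LEN=58
dns -> remote.host UDP D=137 S=137 LEN=58
dns -> remote.host UDP D=137 S=137 LEN=58
remote.host -> dns RPC R XID=2972484608
"""

LINE_RE = re.compile(r"^(?P<src>\S+) -> (?P<dst>\S+)\s+(?P<rest>.*)$")
UDP_RE = re.compile(r"^UDP D=(?P<dport>\d+) S=(?P<sport>\d+) LEN=(?P<len>\d+)")


def netbios_probes(snoop_text, dns_host):
    """Tally UDP/137 datagrams sent by dns_host and what each probed peer sent back.

    Returns {peer: {"probes": n, "replies": m}}. A reply is any packet from a
    peer to dns_host seen after that peer was probed; snoop's summary line for
    the replies carries no port numbers, so direction is all we can match on.
    """
    stats = {}
    for line in snoop_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner line or anything that is not "src -> dst ..."
        src, dst, rest = m.group("src", "dst", "rest")
        udp = UDP_RE.match(rest)
        if src == dns_host and udp and int(udp.group("dport")) == NETBIOS_NS_PORT:
            stats.setdefault(dst, {"probes": 0, "replies": 0})["probes"] += 1
        elif dst == dns_host and src in stats:
            stats[src]["replies"] += 1
    return stats


if __name__ == "__main__":
    for peer, s in netbios_probes(SNOOP_SAMPLE, "dns").items():
        print(f"{peer}: {s['probes']} probes to UDP/137, {s['replies']} replies")
```

Run over a longer capture, any peer outside the local network that appears in the result is a host the DNS server has contacted on the NetBIOS name service port.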