Information Security News mailing list archives

Re: CERT warns of another BIND problem

From: InfoSec News <isn () c4i org>
Date: Thu, 6 Jun 2002 22:13:46 -0500 (CDT)

Forwarded from: rferrell () texas net

"It is normal for a company to run two name servers. If you manage
to shoot both of them down, the company will disappear from the
Internet," Petursson said.


No, it will simply stop receiving information sent to that hostname,
and even then not (entirely) until the name to IP address mapping
expires from the cache of other DNS servers (usually 20-24 hours).

It is important to remember that computers use IP addresses to
communicate over the Internet.  They don't care about or make any use
of the host names that we're so fond of employing.  The domain name
system exists solely to make it easier for people to find the Web site
they're looking for.  If you make a host table on your own computer,
you can map whatever name you want to whatever address you want, DNS
notwithstanding.  It doesn't have to conform to the
'.com/.org/.net/.gov/.mil/' et al.  conventions, either.  If you're
using Win 98, for example, and you make a file called 'hosts' in the
/windows directory on your root drive that contains the following line

207.46.197.102 i.like.to.pick.my.nose digger

and then type either "i.like.to.pick.my.nose" or "digger"  into the
URL box of your browser, you'll end up at Microsoft, just the same as
if you typed "www..microsoft.com." We used to keep our own individual
host tables and update them every night, back before the Internet got
so big that this became impractical.

DNS cache poisoning and DNS denial of service attacks are annoying,
and even potentially damaging if you're not very savvy about the
various alternate means of mining for domain name to IP address
mapping. But they don't in themselves make anyone 'disappear from the
Internet.' Directory assistance may be out of commission, but the
phone still works if you know the number.

RGF

Robert G. Ferrell
rferrell () texas net



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

Current thread:

CERT warns of another BIND problem InfoSec News (Jun 06)
- <Possible follow-ups>
- Re: CERT warns of another BIND problem InfoSec News (Jun 06)