nanog mailing list archives

Re: large organization nameservers sending icmp packets to dns servers.


From: Mark Andrews <Mark_Andrews () isc org>
Date: Fri, 10 Aug 2007 15:07:32 +1000 (EST)


In article <200708100143.l7A1hNSY034263 () drugs dv isc org> you write:

      I suspect that the origin of the myth that DNS/TCP is more
      dangerous than DNS/UDP is that the first root exploit of
      named was over TCP not UDP.  There were later exploits that
      were UDP only which totally busted the myth but it continues
      to live.

      Mark

        Just to make it clear.  This was BIND 4/8 code and the bugs
        were addressed in the last millennium.

        To date there are no known root exploits for BIND 9.

        Mark

