Penetration Testing mailing list archives

Re: New DNS Security Paper


From: bmanning () karoshi com
Date: Tue, 4 Nov 2003 10:35:21 -0800 (PST)


Hi

DNS is the most widely used protocol on the Internet yet many security
professionals do not have a full understanding of the many weaknesses
which surround it which are needed for Penetration Testing and day to
day security. 

We have released a paper on DNS security taken from our
DefensiveDeployment course within which we highlight basic and advanced
DNS attacks. Please download from the below link. 

http://sainstitute.org/articles/dns.htm

Helen England ESA

DefensiveHacking | DefensiveDeployment | DefensiveForensics comes to UK
and Saudi Arabia
http://sainstitute.org/uk/
Expert Security Associate (ESA)



        You might have considered looking at the following document,
        as it properly describes the true threat model to the DNS
        as it currently stands.

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS Extensions Working Group of the IETF.

        Title           : Threat Analysis Of The Domain Name System
        Author(s)       : D. Atkins, R. Austein
        Filename        : draft-ietf-dnsext-dns-threats-04.txt
        Pages           : 15
        Date            : 2003-10-27

Although the DNS Security Extensions (DNSSEC) have been under
development for most of the last decade, the IETF has never written
down the specific set of threats against which DNSSEC is designed to
protect.  Among other drawbacks, this cart-before-the-horse situation
has made it difficult to determine whether DNSSEC meets its design
goals, since its design goals are not well specified.  This note
attempts to document some of the known threats to the DNS, and, in
doing so, attempts to measure to what extent (if any) DNSSEC is a
useful tool in defending against these threats.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dns-threats-04.txt

--bill manning
