Vulnerability Development mailing list archives
Re: DNS zone transfer
From: Valdis.Kletnieks () vt edu
Date: Sun, 09 Jun 2002 21:33:31 -0400
On Sun, 09 Jun 2002 16:18:38 PDT, David Schwartz said:
They can't filter port 53/tcp if they are authoritative for any domains. Support for TCP queries is not optional.
You'd be AMAZED at how many sites don't let a small thing like standards stand in the way of doing something stupid - top of my pet peeve list most weeks are sites that reject SMTP 'MAIL FROM:<>' and sites that number their point-to-point links out of RFC1918 space and then wonder why path MTU Discovery breaks when a site that implements proper martian filtering tries to talk to them.

There's a nice IETF draft about other stupidity being seen on the net here:

http://www.ietf.org/internet-drafts/draft-floyd-tcp-reset-04.txt

Security implication: Well, if your site insists on advertising its rampant cluelessness.... ;)

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech