[2565] in Release_7.7_team
Re: Meeting tomorrow, 1pm
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue Jan 30 23:18:16 2001
Message-Id: <200101310418.XAA26879@speaker-for-the-dead.mit.edu>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: Greg Hudson <ghudson@MIT.EDU>
cc: release-team@MIT.EDU
In-reply-to: Your message of "Tue, 30 Jan 2001 14:39:54 EST."
<200101301939.OAA06074@egyptian-gods.MIT.EDU>
Date: Tue, 30 Jan 2001 23:18:06 -0500
I'd like to talk about named a little. Specifically, yesterday a
number of vulnerabilities were announced in named. As it turns out
the version of named Athena is using happened not to be vulnerable to
any of them, but that was more luck rather than planning. Right
now, all athena machines run a named (this is important, because we
need the caching done by named). However, all of these nameds listen
both to the localhost interface, and to the external network
interface. In other words, any machine anywhere on the internet can
ask questions of our named and get answers. Any machine can also
attack our nameds through the same mechanism. I'd like us to consider
haveing named only listen on the localhost interface starting with
this summer's release. This is a simple change to named.conf.
Pros:
Insulates us from most attacks against named, should a vulnerability
in our version of named be discovered. There was an attack that was
DoS-ing our suns (by remotely killing named) a few years ago (it would
have broken in if it had been a solaris exploit, rather than a linux
one) that caused us to put out a patch release with a fixed named
during the "critical" period of fall term.
Cons:
When we experienced named losage during early test of the release that
included bind 8.2, we were able temporarily unconfuse a machine
remotely, because its named accepted remote queries.
If anyone has random clients using an athena machine for nameservice,
they will lose. (ie. "nameserver 18.18.0.221" in /etc/resolv.conf (or
the mac or windows equivalent) where 18.18.0.221 is the IP address of
an athena machine)
If anyone is using an athena machine as a nameserver for a personal
domain (either frowned upon by netops, or actually agains the rules of
use) they will lose, if they don't revert the change to named.conf.
Jonathon
