[150219] in North American Network Operators' Group


Re: DNS Attacks

daemon@ATHENA.MIT.EDU (Ken Gilmour)
Sun Feb 19 06:00:30 2012

In-Reply-To: <201202182229.q1IMTHGS079581@mail.r-bonomi.com>
Date: Sun, 19 Feb 2012 11:59:37 +0100
From: Ken Gilmour <ken.gilmour@gmail.com>
To: Robert Bonomi <bonomi@mail.r-bonomi.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Feb 18, 2012 10:24 PM, "Robert Bonomi" <bonomi@mail.r-bonomi.com> wrote:
>
> Even better, nat to a 'bogon' DNS server -- one that -- regardless of the
> query -- returns the address of a dedicated machine on your network set up
> especially for this purpose.

What happens when the client sends a POST from a cached page on the end
user's machine? E.g. if they post login credentials. Of course, they'll get
the error page, but then you have confidential data in your logs and now
you have to protect highly confidential info, at least if you're in Europe.
