[44594] in North American Network Operators' Group


Re: Secure BIND Template v3.1 released

daemon@ATHENA.MIT.EDU (Mike Batchelor)
Tue Dec 4 14:02:27 2001

Date: Tue, 04 Dec 2001 11:01:14 -0800
From: Mike Batchelor <mikebat@tmcs.net>
To: Rob Thomas <robt@cymru.com>, nanog@merit.edu
Message-ID: <92885832.1007463674@[172.25.106.112]>
In-Reply-To: <ROTMAILER.0111301117040.14110-100000@dragon.sauron.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Errors-To: owner-nanog-outgoing@merit.edu


An attacker can easily convince a client with access to the trusted view to 
perform queries on its behalf, in countless ways.  He can send the trusted 
client a trojan to install Back Orifice.  Or he can simply send him an email 
and convince the trusted client to reply.  Or send him a link. Or put his 
link in a website the client is likely to visit.

So I am not quite sure what the trusted view protects against.  Anyone can 
still get a malicious recursive query to the internal view if they really 
want to.

--On Friday, November 30, 2001 11:18 AM -0600 Rob Thomas <robt@cymru.com> 
wrote:

>
> Hi, all.
>
> Hopefully this is reasonably on topic.  :)  I have made version 3.1 of
> the Secure BIND Template available here:
>
>    http://www.cymru.com/~robt/Docs/Articles/secure-bind-template.html
>
> It has been reviewed by minds greater than mine.  The mistakes are all
> my own.  :)  Comments and feedback are always welcome!  Be the first in
> your netblock to join the CREDITS section.  :)
>
> Thanks,
> Rob.
> --
> Rob Thomas
> http://www.cymru.com/~robt
> ASSERT(coffee != empty);
>
>



---
"The avalanche has already begun. It is too late for the pebbles to vote."
 -- Kosh
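
The argument in this message turns on how a view is chosen: by the source address of the query, not by who caused it to be sent. The sketch below is an added example, not code from the thread or from the Secure BIND Template; it models first-match view selection in Python, and the view names, networks and query names are constructed assumptions.

```python
import ipaddress

# Constructed model of first-match view selection (names and networks are assumptions).
VIEWS = [
    {"name": "internal", "match_clients": ["10.0.0.0/8"], "recursion": True},
    {"name": "external", "match_clients": ["0.0.0.0/0"], "recursion": False},
]

def select_view(src_ip):
    """Return the first view whose match-clients list contains the source address."""
    addr = ipaddress.ip_address(src_ip)
    for view in VIEWS:
        if any(addr in ipaddress.ip_network(net) for net in view["match_clients"]):
            return view
    return None

def handle_query(src_ip, qname):
    """Decide how a query is served. qname is deliberately unused: the name being
    asked for, and the reason the client asked, play no part in the decision."""
    view = select_view(src_ip)
    if view is None:
        return (None, "dropped")
    action = "recurse" if view["recursion"] else "authoritative-only"
    return (view["name"], action)

# Constructed sample queries: (source address, query name, how the query arose).
SAMPLE_QUERIES = [
    ("198.51.100.7", "www.thirdparty.example", "sent directly from outside"),
    ("10.1.2.3", "intranet.corp.example", "ordinary use by a trusted client"),
    ("10.1.2.3", "host.outsider.example", "trusted client resolving a name in a received link"),
]

if __name__ == "__main__":
    for src, qname, origin in SAMPLE_QUERIES:
        view, action = handle_query(src, qname)
        print(f"{src:<14} {qname:<26} {view:<9} {action:<19} ({origin})")
```

The last two rows get the same treatment because the server sees only the trusted source address; the first row shows the case the view does separate out, a recursive query arriving directly from an untrusted address.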
