[98493] in North American Network Operators' Group


Re: large organization nameservers sending icmp packets to dns servers.

daemon@ATHENA.MIT.EDU (Mark Andrews)
Fri Aug 10 01:08:29 2007

Date: Fri, 10 Aug 2007 15:07:32 +1000 (EST)
From: Mark Andrews <Mark_Andrews@isc.org>
To: nanog@merit.edu
In-Reply-To: <200708100143.l7A1hNSY034263@drugs.dv.isc.org>
Errors-To: owner-nanog@merit.edu


In article <200708100143.l7A1hNSY034263@drugs.dv.isc.org> you write:
>
>	I suspect that the origin of the myth that DNS/TCP is more
>	dangerous than DNS/UDP is that the first root exploit of
>	named was over TCP not UDP.  There were later exploits that
>	were UDP only which totally busted the myth but it continues
>	to live.
>
>	Mark

	Just to make it clear.  This was BIND 4/8 code and the bugs
	were addressed in the last millennium.

	To date there are no known root exploits for BIND 9.

	Mark
