> Your suggestion explains _exactly_ what I was looking at. I'm still
> concerned that DNS could be used for exploitation:
>
> e.g.
>
> * Firewall runs bind-8.1.2
> * Badguy controlling external DNS server puts in huge A record for common
> destination in an attempt to generate buffer overflow exploit on remote
> hosts
> * Internal (say, WinNT) user looks up host
> * Firewall does lookup and returns result to WinNT host
> * exploit occurs on internal host.
Running bind 8.1.2 (or 4.9.7) on your Firewall will block that kind of
attack. It will not accept huge A records (it will enforce the MAXHOSTNAMELEN
limit), nor will it accept an IP address more than 4 bytes in length. Older
versions will.
Cheers,
-JCT-
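The two resolver-side checks JCT describes (refusing a hostname that would overflow MAXHOSTNAMELEN, and refusing an IN A record whose RDLENGTH is not 4) as an added Python example; this is not code from the thread or from bind. The MAXHOSTNAMELEN value, the build_response helper and the sample messages GOOD and HUGE are constructed assumptions.

```python
import struct
MAXHOSTNAMELEN = 256   # assumed (BSD value); check <sys/param.h> on your platform
A, IN = 1, 1           # RR type A, class IN

def read_name(msg, off):  # decode a (possibly compressed) name, enforcing the size limits
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer: jump, remember return point
            if (hops := hops + 1) > 10:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        if n > 63:
            raise ValueError("label longer than 63 octets")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    name = ".".join(labels)
    if len(name) >= MAXHOSTNAMELEN:           # C resolvers need room for the NUL terminator
        raise ValueError("hostname would overflow MAXHOSTNAMELEN")
    return name, off if end is None else end

def a_records(msg):  # parse the answer section; reject A records whose RDATA is not 4 bytes
    qd, an = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qd):                       # skip the question section
        _, off = read_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    out = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == A and rclass == IN:
            if rdlen != 4:
                raise ValueError(f"A record with RDLENGTH {rdlen}, expected 4")
            out.append((name, ".".join(map(str, msg[off:off + 4]))))
        off += rdlen
    return out

def build_response(qname, rdata):  # constructed sample: one question, one IN A answer
    wire = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", A, IN, 300, len(rdata)) + rdata
    return hdr + wire + struct.pack("!HH", A, IN) + answer
GOOD = build_response("www.example.com", bytes([192, 0, 2, 10]))
HUGE = build_response("www.example.com", b"A" * 600)   # the oversized "A record" from the thread
```

Running a_records(GOOD) yields the single address, while a_records(HUGE) raises before any caller copies 600 bytes into a 4-byte address buffer.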
