Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-18 Thread Bradley Falzon
me the default); the second, Permissive, >> would only log the attacks; the third, Enforcing, would log and block >> the attacks. >> >> This would allow ISPs to upgrade to these specific versions of bind, >> turn on Permissive parameter first and Enforcing if the attacks become >

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Bradley Falzon
On Wed, Aug 18, 2010 at 1:05 AM, Phil Mayers wrote: > On 08/17/2010 04:31 PM, Florian Weimer wrote: >> >> * Bradley Falzon: >> >>> Craig Heffner's version of the DNS Rebinding attack, similar to all >>> DNS Rebinding attacks, requires the DNS Servers to

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Bradley Falzon
On Wed, Aug 18, 2010 at 1:01 AM, Florian Weimer wrote: > * Bradley Falzon: > >> Craig Heffner's version of the DNS Rebinding attack, similar to all >> DNS Rebinding attacks, requires the DNS Servers to respond with an >> Attackers IP Address as well as the Vic

DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-16 Thread Bradley Falzon
parameter first and Enforcing if the attacks become well known or impact is minimal. What are your thoughts on this ? What could these protection break the legitimate use for ? -- Bradley Falzon b...@teambrad.net ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users