deny-answer-addresses { %source%; };
deny-answer-aliases { %source%; };
Maybe?
- Kevin
On 8/17/2010 12:22 AM, Bradley Falzon wrote:
bind-users,
In light of Craig Heffner's
I am looking at the deny-answer-* section for this, but we just need
to ensure we minimally affect legitimate applications. This is why I
was proposing we only action when the source is apart of the answer AS
WELL as another answer. Blocking based on just the source would affect
dyn-dns type
* Bradley Falzon:
Craig Heffner's version of the DNS Rebinding attack, similar to all
DNS Rebinding attacks, requires the DNS Servers to respond with an
Attackers IP Address as well as the Victims IP Address, in a typical
Round Robin fashion. Previous attacks would normally have the Victims
On 08/17/2010 04:31 PM, Florian Weimer wrote:
* Bradley Falzon:
Craig Heffner's version of the DNS Rebinding attack, similar to all
DNS Rebinding attacks, requires the DNS Servers to respond with an
Attackers IP Address as well as the Victims IP Address, in a typical
Round Robin fashion.
On Wed, Aug 18, 2010 at 1:01 AM, Florian Weimer fwei...@bfk.de wrote:
* Bradley Falzon:
Craig Heffner's version of the DNS Rebinding attack, similar to all
DNS Rebinding attacks, requires the DNS Servers to respond with an
Attackers IP Address as well as the Victims IP Address, in a typical
On Wed, Aug 18, 2010 at 1:05 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 08/17/2010 04:31 PM, Florian Weimer wrote:
* Bradley Falzon:
Craig Heffner's version of the DNS Rebinding attack, similar to all
DNS Rebinding attacks, requires the DNS Servers to respond with an
Attackers IP
In article mailman.352.1282059097.15649.bind-us...@lists.isc.org,
Florian Weimer fwei...@bfk.de wrote:
* Bradley Falzon:
Craig Heffner's version of the DNS Rebinding attack, similar to all
DNS Rebinding attacks, requires the DNS Servers to respond with an
Attackers IP Address as well as
bind-users,
In light of Craig Heffner's recent Black Hat talk (here:
https://media.blackhat.com/bh-us-10/whitepapers/Heffner/BlackHat-USA-2010-Heffner-How-to-Hack-Millions-of-Routers-wp.pdf
and here: http://rebind.googlecode.com) I would like to propose a
possible solution in line with the 'DNS
8 matches
Mail list logo