Dear Denis,
As I told before, this feature/vulnerability related with dynamic dns
updates is known for a long time. My experience has demonstrated that this
weak configuration is very common and extended between most companies and
some of the attack vectors that I exposed were never considered as
On Thu, 22 Mar 2007 11:35:18 +0100 Andres Tarasco wrote:
> By default, most Microsoft DNS servers integrated with active directory allow
> insecure dynamic updates for dns records.
This statement is way too broad. Creating an AD-integrated zone in Windows
Server 2003 does create a "secure updates
Hi list,
By default, most Microsoft DNS servers integrated with active directory
allows
insecure dynamic updates for dns records.
This feature allows remote users to create, change and delete DNS records.
There are several attack scenarios:
+ MITM attacks: Changing dns records for the network pr