Comments on: The DNS Vuln

By: LonerVamp

LonerVamp — Mon, 19 Jan 2009 14:20:06 +0000

There could be an insider case made as well. I know our DCs double as our internal-only DNS servers. This vuln in the DNS means our DCs could be popped internally. The only real solution (for us, I think) is to migrate DNS off the DCs. But that's not something the team wants to do, so we'll just wait for a patch. My IPS should notice this attack, thankfully.

I'd be curious if this turns into a worm. I think a worm that combines mass-mail along with internet/intranet scanning could be pretty damaging.

Code Red, no. But I think the number of Windows DNS servers is underestimated. Externally, no, but internally, there's a lof of them…and they're likely all in the very soft underbelly of networks making them very juicy indeed…

Post the damned VERT solution. And yes, while I got your email, I just haven't had time or luck with that challenge. :

By: .:Computer Defense:. » RPC DNS Worm

.:Computer Defense:. » RPC DNS Worm — Tue, 17 Apr 2007 14:59:15 +0000

[...] Yesterday I questioned if we’d see a worm related to the RPC DNS Vuln… [...]

By: LonerVamp

LonerVamp — Mon, 16 Apr 2007 15:09:47 +0000

There could be an insider case made as well. I know our DCs double as our internal-only DNS servers. This vuln in the DNS means our DCs could be popped internally. The only real solution (for us, I think) is to migrate DNS off the DCs. But that’s not something the team wants to do, so we’ll just wait for a patch. My IPS should notice this attack, thankfully.

I’d be curious if this turns into a worm. I think a worm that combines mass-mail along with internet/intranet scanning could be pretty damaging.

Code Red, no. But I think the number of Windows DNS servers is underestimated. Externally, no, but internally, there’s a lof of them…and they’re likely all in the very soft underbelly of networks making them very juicy indeed…

Post the damned VERT solution. And yes, while I got your email, I just haven’t had time or luck with that challenge. :\