large organization nameservers sending icmp packets to dns servers.
David Conrad
drc at virtualized.org
Wed Aug 8 16:38:28 UTC 2007
On Aug 8, 2007, at 8:59 AM, Jamie Bowden wrote:
> How is answering a query on TCP/53 any MORE dangerous than answering it
> on UDP/53? Really. I'd like to know how one of these security nitwits
> justifies it. It's the SAME piece of software answering the query
> either way.
How many bytes of shell code can you stuff in a 512 byte DNS UDP packet?
How many bytes of shell code can you stuff in a TCP DNS connection?
Rgds,
-drc
P.S. I still think blocking TCP/53 is stupid.