large organization nameservers sending icmp packets to dns servers.

• Previous message (by thread): large organization nameservers sending icmp packets to dns servers.
• Next message (by thread): large organization nameservers sending icmp packets to dns servers.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>> On 8/9/2007 at 10:07 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:

> In article <200708100143.l7A1hNSY034263 at drugs.dv.isc.org> you write:
>>
>>	I suspect that the origin of the myth that DNS/TCP is more
>>	dangerous than DNS/UDP is that the first root expliot of
>>	named was over TCP not UDP.  There were later exploits that
>>	were UDP only which totally busted the myth but it continues
>>	to live.
>>
>>	Mark
> 
> 	Just to make it clear.  This was BIND 4/8 code and the bugs
> 	were addressed in the last millennia.
> 
> 	To date there are no known root exploits for BIND 9.

Because who runs BIND as root anymore?
-- 

Crist J. Clark                              
crist.clark at globalstar.com
Globalstar Communications                                (408)
933-4387


B¼information contained in this e-mail message is confidential, intended
only for the use of the individual or entity named above. If the reader
of this e-mail is not the intended recipient, or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that any review, dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this e-mail
in error, please contact postmaster at globalstar.com 

• Previous message (by thread): large organization nameservers sending icmp packets to dns servers.
• Next message (by thread): large organization nameservers sending icmp packets to dns servers.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]