large organization nameservers sending icmp packets to dns servers.
Mark Andrews
Mark_Andrews at isc.org
Fri Aug 10 23:57:02 UTC 2007
> >>> On 8/9/2007 at 10:07 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
>
> > In article <200708100143.l7A1hNSY034263 at drugs.dv.isc.org> you write:
> >>
> >> I suspect that the origin of the myth that DNS/TCP is more
> >> dangerous than DNS/UDP is that the first root expliot of
> >> named was over TCP not UDP. There were later exploits that
> >> were UDP only which totally busted the myth but it continues
> >> to live.
> >>
> >> Mark
> >
> > Just to make it clear. This was BIND 4/8 code and the bugs
> > were addressed in the last millennia.
> >
> > To date there are no known root exploits for BIND 9.
>
> Because who runs BIND as root anymore?
Lots of people. It's the only way you can handle some
events.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the NANOG
mailing list