Network Security: Detailed info on RE: DNS cache poisoning?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

RE: DNS cache poisoning?

from [James C Slora Jr] Network Security

[Permanent Link]

Subject:	RE: DNS cache poisoning?
Date:	Wed, 17 Aug 2005 10:03:23 -0400

This appears to be related to a well known issue.

Windows DNS is subject to cache poisoning if forwarding to BIND 4 and 8
servers, which do not properly scrub data. Forwarding to BIND 9 should work
OK because BIND 9 works properly. 

So "dump Windows DNS and use BIND" does not adequately cover the issue.

See:
http://isc.sans.org/diary.php?date=2005-04-07
http://support.microsoft.com/default.aspx?scid=kb;en-us;241352
http://support.microsoft.com/kb/316786

From KB241352, for NT4 SP4 or later:


1. Start Registry Editor (Regedt32.exe). 
2. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters  
3. On the Edit menu, click Add Value, and then add the following registry
value:
Value Name: SecureResponses
Data Type: REG_DWORD
Value: 1 (To eliminate non-secure data)  
4. Quit Registry Editor

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
DNS cache poisoning?, Willard Van Dyne Re: DNS cache poisoning?, Joel Esler Re: DNS cache poisoning?, Willard Van Dyne Re: DNS cache poisoning?, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] RE: DNS cache poisoning?, James C Slora Jr <= Re: DNS cache poisoning?, chad Re: DNS cache poisoning?, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Re: DNS cache poisoning?, David Pick RE: DNS cache poisoning?, Rabinowitz, Michael CTR MDA/ION Re: DNS cache poisoning?, chad Message not available Re: DNS cache poisoning?, David Glosser

Previous by Date:	RE: Proper ISP Reporting, Ramki B
Next by Date:	Re: Proper ISP Reporting, Rod Barnhart
Previous by Thread:	Re: DNS cache poisoning?, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Next by Thread:	Re: DNS cache poisoning?, chad
Indexes:	[Date] [Thread] [Top] [All Lists]