ICANN/GNSO GNSO Email List Archives

[ga]

<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Network Attacks Via DNS

  • To: General Assembly of the DNSO <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] Network Attacks Via DNS
  • From: Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
  • Date: Mon, 02 Aug 2004 17:51:54 -0700
  • Organization: INEGroup Spokesman
  • Sender: owner-ga@xxxxxxxxxxxxxx
All former DNSO GA members or other interested stakeholders/users,

 It would again seem that the latest version of Bind is either not
installed broadly enough or it isn't working well enough to counter
the existing security holes in DNS.

  From Slashdot:
"Without DNS the internet wouldn't be all that
useful. Despite being a ubiquitous part of the internet it is overlooked

by many as a potential security hole. At this weekends [0]Defcon 12
conference in Las Vegas, security researcher [1]Dan Kaminsky warned that

[2]DNS can open up seemingly secure networks to attack. Because most
firewalls and other security devices treat DNS requests as harmless it
provides an excellent conduit for transferring covert data in and out of

otherwise protected systems. At Defcon, Kaminsky demonstrated some
software that allows a server to act as a communications hub using DNS.
This let him transmit instant messages and even audio streams over an
encrypted connection carried by spoofed DNS requests."

This story continues at:
    http://it.slashdot.org/article.pl?sid=04/08/01/0425225

Discuss this story at:
    http://it.slashdot.org/comments.pl?sid=04/08/01/0425225

Links:
    0. http://www.defcon.org/html/defcon-12/dc-12-index.html
    1. http://www.defcon.org/html/defcon-12/dc-12-speakers.html#kaminsky

    2. http://news.com.com/2100-1002_3-5291874.html?tag=nefd.top

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
    Pierre Abelard

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827
<<< Chronological Index >>>    <<< Thread Index >>>