On 11/16/11 10:55 AM, "Chris Brookes" <cbroo...@gmail.com> wrote:
> Any info on whether the newly announced bug can be triggered before
> the query ACL is applied on a recursive only server? An authoritative
> only server ought to be safe?
Hmm, good question. Then folks with IDS/IPS hooks could potentially catch
who's sending the bad queries and mitigate with ACL additions... With all
due caution typically associated with such an approach. ;-)
>From everything I've read, authoritative servers should not be vulnerable
since it equates to malformed cache entries.
Of course only time will tell if this is a random find or targeted attack.
If targeted (e.g. Motivated bad guy sitting in a room with BIND9 code),
there may be others looming. I'm glad ISC is looking. I'm genuinely
curious, but keep recalling the phrase, "Never attribute to malice that
which is adequately explained by stupidity." Regardless, it's a good time
to be watching logs!
--
By nature, men are nearly alike;
by practice, they get to be wide apart.
-- Confucius
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
