Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Barry Margolin
In article , Florian Weimer wrote: > * Bradley Falzon: > > > Craig Heffner's version of the DNS Rebinding attack, similar to all > > DNS Rebinding attacks, requires the DNS Servers to respond with an > > Attackers IP Address as well as the Victims IP Address, in a typical > > Round Robin fashio

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Bradley Falzon
On Wed, Aug 18, 2010 at 1:05 AM, Phil Mayers wrote: > On 08/17/2010 04:31 PM, Florian Weimer wrote: >> >> * Bradley Falzon: >> >>> Craig Heffner's version of the DNS Rebinding attack, similar to all >>> DNS Rebinding attacks, requires the DNS Servers to respond with an >>> Attackers IP Address as

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Bradley Falzon
On Wed, Aug 18, 2010 at 1:01 AM, Florian Weimer wrote: > * Bradley Falzon: > >> Craig Heffner's version of the DNS Rebinding attack, similar to all >> DNS Rebinding attacks, requires the DNS Servers to respond with an >> Attackers IP Address as well as the Victims IP Address, in a typical >> Round

Re: «tsig verify failure» only on some zones

2010-08-17 Thread Hauke Lampe
Joachim Tingvold wrote: > During initial startup of NS3, most zones gets «tsig verify failure»,   > but some zones are successfully transferred. All zones uses the same   > transfer-key. > Could this be an issue with different BIND-versions, or are there   > other matters that could cause

«tsig verify failure» only on some zones

2010-08-17 Thread Joachim Tingvold
Hi, I've been trying to wrap my head around this for a while now, so I thought I'd ask around here. For a while, I've had two nameservers, one master (let's call this NS1), one slave (let's call this NS2) -- which has been working flawlessly. They've both run BIND 9.6-ESV-R1 on Debian Len

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Phil Mayers
On 08/17/2010 04:31 PM, Florian Weimer wrote: * Bradley Falzon: Craig Heffner's version of the DNS Rebinding attack, similar to all DNS Rebinding attacks, requires the DNS Servers to respond with an Attackers IP Address as well as the Victims IP Address, in a typical Round Robin fashion. Previo

Re: DNS Rebinding Prevention for the Weak Host Model Attacks

2010-08-17 Thread Florian Weimer
* Bradley Falzon: > Craig Heffner's version of the DNS Rebinding attack, similar to all > DNS Rebinding attacks, requires the DNS Servers to respond with an > Attackers IP Address as well as the Victims IP Address, in a typical > Round Robin fashion. Previous attacks would normally have the Victim