[nsp-sec] List of vulnerable DNS resolvers
SURFcert - Peter
p.g.m.peters at utwente.nl
Thu Jul 24 04:24:13 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nicolas FISCHBACH wrote on 23-7-2008 19:07:
> We are not (re. my Nominum post from yesterday - BTW, thanks Paul/Florian/
> Gerard) but some of our customers are starting to drive us nuts thru
> various
> escalation channels and it look like we are going to have to apply a CNS
> beta that "fixes" the POOR rating from the various online checking tools...
I found out a lot of servers are configured with a fixed source port.
Fixing that involved not only changing the nameserver configuration but
also checking whether some firewalls were configured to only allow this
traffic on these ports.
- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIiDwselLo80lrIdIRAs8LAJ0csXl6F0CABR6WUaojgsAt/sDy5wCfcyYT
/7LxNxDBJleuLXI6JsVUD1I=
=M3DX
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list