[nsp-sec] Solutions for the DNS vul? - Suggestion
White, Gerard
Gerard.White at aliant.ca
Thu Jul 24 08:58:23 EDT 2008
While not a _countermeasure_, one thing you can do is watch for
increased flows of ICMP Port Unreachable traffic towards your DNS Infrastructure.
One thing I have noticed about the metasploit modules is that the box SHOULD
generate ICMP Port Unreachable messages as the exploit code is executed (in response
to the "replies" that come back from the target during the <random_12_char>.domain
run)...
Unless of course the miscreant is smart enough to filter that stuff away... which
doesn't happen, sometimes...
GW
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Yonglin ZHOU
> Sent: Thursday, July 24, 2008 5:55 AM
> To: nsp-security NSP
> Subject: [nsp-sec] Solutions for the DNS vul?
>
> ----------- nsp-security Confidential --------
>
> Beside patching the dns servers, any other supplementary countermeasures?
>
> Thanks.
>
> --
> -------[CNCERT/CC]-----------------------------------------------
> Zhou, Yonglin 【周勇林】
> CNCERT/CC, P.R.China 【国家计算机网络应急技术处理协调中心】
> Tel: +86 10 82990355 Fax: +86 10 82990399 Web: www.cert.org.cn
> Finger Print: 9AF3 E830 A350 218D BD2C 2B65 6F60 BEFB 3962 1C64
> -----------------------------------------------[CNCERT/CC]-------
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
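
The monitoring idea in the reply above, as an added example (not part of the original message or of any tool it mentions): count ICMP type 3, code 3 (Port Unreachable) packets sent toward DNS servers per time window and flag windows far above that server's earlier baseline. The flow record layout, addresses, thresholds and function name are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records (not real traffic). Assumed layout:
# epoch_seconds,src_ip,dst_ip,proto,icmp_type,icmp_code,packets
SAMPLE_FLOWS = """\
1000,198.51.100.7,192.0.2.53,icmp,3,3,2
1010,203.0.113.9,192.0.2.53,icmp,8,0,4
1065,198.51.100.8,192.0.2.53,icmp,3,3,3
1130,198.51.100.7,192.0.2.53,icmp,3,3,1
1190,203.0.113.66,192.0.2.53,icmp,3,3,450
1200,203.0.113.66,192.0.2.53,icmp,3,3,900
1205,203.0.113.66,192.0.2.10,icmp,3,3,900
1210,203.0.113.66,192.0.2.53,udp,0,0,5000
"""

def port_unreachable_spikes(flow_text, dns_servers, window=60, factor=5, floor=50):
    """Return sorted (window_start, dns_ip, packets, top_source) tuples for windows
    where Port Unreachable packets toward a DNS server reach `floor` and exceed
    `factor` times the median of that server's earlier windows."""
    counts = defaultdict(lambda: defaultdict(int))   # dst -> window -> packets
    sources = defaultdict(lambda: defaultdict(int))  # (dst, window) -> src -> packets
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, itype, icode, pkts = line.strip().split(",")
        # Keep only ICMP Destination Unreachable / Port Unreachable aimed at DNS hosts.
        if proto != "icmp" or (itype, icode) != ("3", "3") or dst not in dns_servers:
            continue
        bucket = int(ts) // window * window
        counts[dst][bucket] += int(pkts)
        sources[(dst, bucket)][src] += int(pkts)
    alerts = []
    for dst, per_window in counts.items():
        history = []  # earlier windows that had records; empty windows are not counted
        for bucket in sorted(per_window):
            n = per_window[bucket]
            baseline = median(history) if history else 0
            if n >= floor and n > factor * baseline:
                by_src = sources[(dst, bucket)]
                alerts.append((bucket, dst, n, max(by_src, key=by_src.get)))
            history.append(n)
    return sorted(alerts)

if __name__ == "__main__":
    for alert in port_unreachable_spikes(SAMPLE_FLOWS, {"192.0.2.53"}):
        print(alert)
```

As the reply notes, this signal disappears if the sending host filters its own ICMP output, so an empty result is not evidence of absence.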