Not that I'm aware of. DNS is not really my strongest suite so I have to
rely upon our DNS guys.
I believe that there needs to be an upgrade to fix the problem.

If anyone disagrees please correct me.

One thing to do is to change the version posting in the named.conf file.
The scanner looking for sub 9.1 could be tricked. Actual attack failing of
course.

-----Original Message-----
From: Russell Fulton [mailto:r.fultonAUCKLAND.AC.NZ]
Sent: Wednesday, January 31, 2001 1:42 PM
To: INCIDENTSSECURITYFOCUS.COM
Subject: Re: DNS Bind

On Wed, 31 Jan 2001 10:47:24 -0800 "Somaini, Justin"
<Justin.SomainiSCHWAB.COM> wrote:

> Has anyone seen attacks, other than Microsoft, in regards to the bind tsig
> vuln.?

I've seen an increase in version probes against our advertised name
servers.

One question: I understand that the tsig vulnerability is in the
DNSSEC code and, so far as I am aware, we are not using this now. Are
there any options in the BIND config to disable DNSSEC? (as a stop gap
until we can get the software upgraded).

Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]