From: Makoto Shiotsuki (shio_at_ST.RIM.OR.JP)
Date: Tue Jul 30 2002 - 20:35:54 CDT
As described in the CERT Vulnerability Note VU#458659, there is
a registry entry "QueryIpMatching" to prevent the W2K DNS resolver
from accepting responses from non-queried DNS servers.
Many documents including VU#458659, ISS X-Force#4280, and DNS
white papers from Microsoft indicate that the registry location
for "QueryIpMatching" is:
HKLM\System\CurrentControlSet\Services\Dnscache\Parameters
But as far as another person and I have tested, the correct location is:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
This registry location (...\Tcpip\Parameters) is described in
"Microsoft Windows 2000 TCP/IP Implementation Details".
I hope this confusion will be cleared up.
References:
CERT/CC Vulnerability Note VU#458659
http://www.kb.cert.org/vuls/id/458659
ISS X-Force win2k-dns-resolver (4280)
http://www.iss.net/security_center/static/4280.php
DNS Caching, Network Prioritization, and Security
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/prjj_ipa_vitx.asp
Microsoft Windows 2000 TCP/IP Implementation Details
http://www.microsoft.com/TechNet/itsolutions/network/deploy/depovg/tcpip2k.asp
(Thanks Noda-san for the testing ;)
Makoto Shiotsuki
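
Added example, not part of the original post: a read-only PowerShell check that reports whether "QueryIpMatching" is present under each of the two registry keys named in the message, so a host hardened according to the Dnscache-based documents can be spotted. The labels and the warning text are assumptions made for this example; the script does not interpret or change the value data.

```powershell
# Added example: audit where QueryIpMatching is set on the local host.
# The two key paths are the ones quoted in the post. Nothing is modified.
$valueName = 'QueryIpMatching'

$locations = @(
    @{ Label = 'Dnscache'   # location given in VU#458659 and other documents
       Path  = 'HKLM:\System\CurrentControlSet\Services\Dnscache\Parameters' },
    @{ Label = 'Tcpip'      # location the poster reports as the correct one
       Path  = 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters' }
)

$results = foreach ($loc in $locations) {
    # Returns nothing (errors suppressed) if the key or the value is absent.
    $item = Get-ItemProperty -Path $loc.Path -Name $valueName `
                             -ErrorAction SilentlyContinue
    $data = $null
    if ($item) { $data = $item.$valueName }

    [pscustomobject]@{
        Key     = $loc.Label
        Present = [bool]$item
        Data    = $data
        Path    = $loc.Path
    }
}

$results | Format-Table -AutoSize

$dnscache = $results | Where-Object { $_.Key -eq 'Dnscache' }
$tcpip    = $results | Where-Object { $_.Key -eq 'Tcpip' }

# Flag the case the post is about: the value was placed only where the
# widely cited documents say, not where the poster found it to work.
if ($dnscache.Present -and -not $tcpip.Present) {
    Write-Warning ("$valueName is set only under Dnscache\Parameters. " +
                   "Per the post, check Tcpip\Parameters instead.")
}
elseif (-not $dnscache.Present -and -not $tcpip.Present) {
    Write-Warning "$valueName is not set under either key."
}
```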