This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: why is bash trying to access my DNS?


Randall:

There's nothing that a legitimate DNS server can elicit from a client,
although, in some special cases, clients can be hacked by specially
crafted DNS responses.

However, if a system is infected with a trojan, then obviously said
system has the potential to be used as a zombie for attacking any
server.  In this instance (regarding DNS), ZoneAlarm would do you some
good provided that you never send DNS queries outside of one's network.

But exactly how plausible is that?  What I'm questioning is this: how
helpful is the DNS activity alert on ZoneAlarm?  Unless it's looking for
the myriad of DNS vulnerabilities listed at CERT and other similar
resources, then it's a fairly useless check, IMHO.  And given that it
appears (from my limited perspective) to be flagging normal DNS traffic,
then I'm of the opinion it's quite useless indeed for the application in
which it's intended to be used, and has in this instance raised concern
where none is actually warranted.

But to answer your original question regarding the data that can be
"sneakily sent via a DNS request", check this out:

http://search.cert.org/query.html?col=certadv&col=vulnotes&ht=0&qp=&qt=DNS+BIND&qs=&qc=&pw=100%25&ws=1&la=en&qm=0&st=1&nh=25&lk=1&rf=2&rq=0&si=1



On Tue, 2003-03-04 at 00:53, Randall R Schulz wrote:
> David,
> 
> At 21:20 2003-03-03, David Means wrote:
> >On Mon, 2003-03-03 at 23:59, Randall R Schulz wrote:
> > > Geoffrey,
> > >
> > > ...
> > >
> > > Oops. I mean what data can sneakily be sent via a DNS request?
> > >
> > > Randall Schulz
> >
> >Actually, plenty.  Historically, Bind has been easily 
> >hacked.  Although it's been a while since a good vulnerability was 
> >found in Bind, that doesn't mean there's not an unknown hole in it 
> >which could be exploited.
> 
> Please be specific. What information can be elicited by the DNS server 
> from the DNS client when the client makes a DNS request?
> 
> I really think there are more important things to worry about, but I'd 
> like to learn how I might be wrong.
> 
> 
> >--
> >David Means
> 
> 
> Randall Schulz 
-- 
David Means

Being a programmer is like being married: You talk to your
spouse about lots of things, only to find that something you 
said (and promptly forgot) has come back to bite you in the ass 
months later.  

Attachment: signature.asc
Description: This is a digitally signed message part

