tcp/udp, clarification please

Brad Knowles brad.knowles at
Thu Oct 11 15:51:36 UTC 2001

At 8:23 AM -0700 2001/10/11, Bill Manning wrote:

>  The biggest problem is your assertion that TCP access to the DNS is how
>  most hacks to the DNS occur.  I, for one, would be interested in how you
>  reached this conclusion and any data you have to back this belief. Most
>  of the attack vectors to the DNS, that I am aware of, are exploitable
>  via UDP as well as TCP.

	Actually, the more I think about it, the more I think that 
most DNS-related attacks probably come through UDP and not TCP.  It's 
much harder to spoof a "reply" as coming from a particular host with 
TCP, whereas it's trivially easy to do with UDP.  This means that 
cache-poisoning attacks are harder to perform over TCP and much 
easier over UDP.  Most other DNS-related attacks (including DoS 
attacks) that I know of also make use of UDP and not TCP.

Brad Knowles, <brad.knowles at>
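The point in the reply above, that a UDP "reply" is easy to forge because nothing about the datagram proves where it came from, can be seen in the checks a resolver is left with. The following Python sketch is an added example written for this page; it is not code from the original post or from any DNS implementation. It builds a minimal query, tracks it as outstanding, and then applies the only tests a UDP receiver has available: transaction ID, destination port, source address, QR bit and an echoed question section. The source-address test is the weakest of these, since a UDP source address is trivially spoofed, which leaves the random 16-bit ID plus the random source port as the effective hurdle for blind injection; a TCP connection adds the handshake and 32-bit sequence numbers on top. The name `example.com.`, the addresses `192.0.2.53`, `192.0.2.1` and `198.51.100.7`, and the class name `UdpStub` are constructed for the example.

```python
import random
import struct

# DNS header layout (RFC 1035 section 4.1.1): ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT.
HEADER = struct.Struct("!HHHHHH")
QR_BIT = 0x8000  # set in responses, clear in queries

# Constructed sample values: RFC 2606 documentation name, RFC 5737 test-net addresses.
QNAME = "example.com."
SERVER_ADDR = "192.0.2.53"   # the server the stub actually sent its query to

def encode_name(name):
    """Encode a dotted name as a sequence of DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, name, qtype=1, qclass=1):
    """Standard recursive query (RD set) carrying a single question."""
    return HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, qclass)

def build_reply(txid, name, address):
    """Minimal positive answer: echoes the question and adds one A record (TTL 300)."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in address.split("."))
    return HEADER.pack(txid, 0x8180, 1, 1, 0, 0) + question + answer

def parse_question(msg):
    """Return (name, qtype, qclass) of the first question in msg."""
    off, labels = HEADER.size, []
    while msg[off] != 0:
        length = msg[off]
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    qtype, qclass = struct.unpack_from("!HH", msg, off + 1)
    return ".".join(labels) + ".", qtype, qclass

class UdpStub:
    """Hypothetical stub resolver: tracks outstanding queries and vets incoming UDP replies."""

    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()
        self.pending = {}  # (txid, src_port) -> (server_addr, question)

    def send(self, name, server_addr):
        txid = self.rng.randrange(0, 1 << 16)         # 16 bits of ID entropy
        src_port = self.rng.randrange(1024, 1 << 16)  # plus roughly 16 bits of port entropy
        query = build_query(txid, name)
        self.pending[(txid, src_port)] = (server_addr, parse_question(query))
        return query, src_port

    def accept(self, reply, src_addr, dst_port):
        """Return 'accept' or a 'reject: ...' reason for one incoming datagram."""
        if len(reply) < HEADER.size:
            return "reject: truncated header"
        txid, flags, qdcount, *_ = HEADER.unpack_from(reply, 0)
        key = (txid, dst_port)
        if key not in self.pending:
            return "reject: no matching id/port"
        server_addr, question = self.pending[key]
        # Weak test: a forged datagram can carry the server's address just as easily.
        if src_addr != server_addr:
            return "reject: wrong source address"
        if not flags & QR_BIT:
            return "reject: not a response"
        if qdcount != 1 or parse_question(reply) != question:
            return "reject: question mismatch"
        del self.pending[key]  # first matching reply wins; later copies are ignored
        return "accept"

def demo(seed=1):
    """Run the acceptance check on one genuine reply and three datagrams that fail it."""
    stub = UdpStub(random.Random(seed))
    query, src_port = stub.send(QNAME, SERVER_ADDR)
    txid = HEADER.unpack_from(query, 0)[0]
    genuine = build_reply(txid, QNAME, "192.0.2.1")
    return {
        # right ID and port, but not from the server that was asked
        "wrong_source": stub.accept(genuine, "198.51.100.7", src_port),
        # right server address, but the ID does not match the outstanding query
        "wrong_txid": stub.accept(build_reply(txid ^ 1, QNAME, "192.0.2.1"), SERVER_ADDR, src_port),
        # matches on every field
        "genuine": stub.accept(genuine, SERVER_ADDR, src_port),
        # a late duplicate of the real answer is no longer outstanding
        "duplicate": stub.accept(genuine, SERVER_ADDR, src_port),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:13} {outcome}")
```

Only the `(txid, dst_port)` lookup carries real entropy here; every other field is either echoed from the query or under the sender's control, which is the asymmetry between UDP and TCP that the post is describing.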
