Recent Pharming Attacks
Simon
Simon at wretched.demon.co.uk
Wed Apr 6 09:26:25 UTC 2005
perry811 wrote:
>
> May i ask if there are any configurations/features which can prevent
> DNS cache posioning in BIND 9.2/3.X ? Or, if any of you have any
> configurations or ideas which can prevent pharming attacks, and you
are
> willing to share, please feel free to email me offline.
BIND should default to being safe from poisoning, as any sensible DNS
server software should.
Do you have any evidence of the recent DNS poisoning attacks working
against ANY recent versions of BIND?
As far as I know only Symantec software, and some default settings for
Microsoft DNS servers are vulnerable.
The Internet Storm Center have more information http://isc.sans.org/
As for tips, don't use Microsoft DNS products if you can possibly help
it.
More information about the bind-users
mailing list