Re: [ISN] CERT warns of another BIND problem

From: InfoSec News (isnat_private)
Date: Thu Jun 06 2002 - 20:13:46 PDT

    Forwarded from: rferrellat_private

    > "It is normal for a company to run two name servers. If you manage
    > to shoot both of them down, the company will disappear from the
    > Internet," Petursson said.

    No, it will simply stop receiving information sent to that hostname,
    and even then not (entirely) until the name to IP address mapping
    expires from the cache of other DNS servers (usually 20-24 hours).

    It is important to remember that computers use IP addresses to
    communicate over the Internet.  They don't care about or make any use
    of the host names that we're so fond of employing.  The domain name
    system exists solely to make it easier for people to find the Web site
    they're looking for.  If you make a host table on your own computer,
    you can map whatever name you want to whatever address you want, DNS
    notwithstanding.  It doesn't have to conform to the
    '.com/.org/.net/.gov/.mil/' et al.  conventions, either.  If you're
    using Win 98, for example, and you make a file called 'hosts' in the
    /windows directory on your root drive that contains the following line digger
    and then type either "" or "digger"  into the
    URL box of your browser, you'll end up at Microsoft, just the same as
    if you typed "" We used to keep our own individual
    host tables and update them every night, back before the Internet got
    so big that this became impractical.

    DNS cache poisoning and DNS denial of service attacks are annoying,
    and even potentially damaging if you're not very savvy about the
    various alternate means of mining for domain name to IP address
    mapping. But they don't in themselves make anyone 'disappear from the
    Internet.' Directory assistance may be out of commission, but the
    phone still works if you know the number.

    Robert G. Ferrell
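The resolution order Ferrell describes (local hosts table first, then whatever is still in a resolver's cache until its TTL runs out, and only then the zone's name servers) can be shown in a few dozen lines. The following is an added example for this thread, not code from Ferrell's message or from ISN; the hosts-file text, the addresses, the 86400-second TTL and the "name server" data are all constructed for the demonstration, and the name servers themselves are simulated by a flag rather than queried.

```python
"""Added example: a toy resolver with the lookup order described in the
message.  Hosts table -> TTL cache -> name servers.  Everything below
(hosts text, addresses, TTL, zone data) is constructed for illustration."""
import ipaddress
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed hosts-file text in the classic format: address, canonical
# name, optional aliases, '#' comments.  Names need not follow any TLD
# convention ("digger"), exactly as the message points out.
SAMPLE_HOSTS = """
# constructed example hosts table
127.0.0.1      localhost
198.51.100.7   www.example.com  digger   # alias that is not a real domain
2001:db8::10   ipv6host.example
bogus-line-without-address
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts-file text into {lowercased name: address}.

    Lines whose first field is not a valid IPv4/IPv6 address are skipped,
    as a system resolver would skip them.  The first mapping for a name wins.
    """
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # not an address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


class Resolver:
    """Looks in the hosts table, then a TTL cache, then (simulated) name servers."""

    def __init__(self, hosts_text: str, nameservers_up: bool = True,
                 clock: Callable[[], float] = time.time) -> None:
        self.hosts = parse_hosts(hosts_text)
        self.cache: Dict[str, Tuple[str, float]] = {}   # name -> (address, expires_at)
        self.nameservers_up = nameservers_up
        self.clock = clock
        # Constructed authoritative data: name -> (address, TTL in seconds).
        self.zone = {"mail.example.com": ("198.51.100.25", 86400)}

    def resolve(self, name: str) -> Optional[str]:
        name = name.lower().rstrip(".")
        try:
            return str(ipaddress.ip_address(name))   # an IP literal needs no lookup at all
        except ValueError:
            pass
        if name in self.hosts:                       # hosts table wins over DNS
            return self.hosts[name]
        now = self.clock()
        if name in self.cache:
            addr, expires = self.cache[name]
            if now < expires:
                return addr                          # still within TTL
            del self.cache[name]                     # TTL elapsed: forget the stale answer
        if not self.nameservers_up or name not in self.zone:
            return None                              # no name server can be reached
        addr, ttl = self.zone[name]
        self.cache[name] = (addr, now + ttl)
        return addr


def demo() -> Dict[str, Optional[str]]:
    """Walk through the scenario in the message with a fake clock."""
    clock = [1_000_000.0]
    r = Resolver(SAMPLE_HOSTS, clock=lambda: clock[0])
    out: Dict[str, Optional[str]] = {}
    out["cached_while_up"] = r.resolve("mail.example.com")    # answered by name servers, cached
    r.nameservers_up = False                                  # both name servers "shot down"
    out["cached_while_down"] = r.resolve("mail.example.com")  # still served from cache
    clock[0] += 86400 + 1                                     # TTL has expired
    out["expired_while_down"] = r.resolve("mail.example.com") # None: directory assistance gone
    out["hosts_while_down"] = r.resolve("DIGGER")             # hosts table never needed DNS
    out["literal_ip"] = r.resolve("198.51.100.25")            # knowing the number still works
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:20s} -> {result}")
```

The fake clock makes the TTL expiry deterministic; swap in `time.time` to watch a real cache age out. Note that `parse_hosts` deliberately drops a line whose first field is not an address, which is also why a stray host name with no IP in front of it (like the truncated line in the message above) would simply be ignored rather than mapped.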
