DNS Proxy Helps; NAT/PAT Devices Exacerbate Issue
Severity: Medium
18 July, 2008
Update:
Last week, we published an alertabout some DNS protocol vulnerabilities that could affect any software or networking devices that run DNS servers, and to a lesser extent, DNS clients. By sending your DNS server (or client) a series of specially crafted DNS queries and/or responses, an attacker could poison your DNS server’s cache with arbitrary IP addresses, thus potentially forcing your users to visit arbitrary, malicious web sites.
This alert adds one new wrinkle pertaining to this issue, then explains a DNS proxy configuration that may help mitigate the risk of DNS cache poisoning attacks in general. First, the new wrinkle:
0 Comments