Re: [Full-Disclosure] msblast is starting now
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] msblast is starting now
- From: "Bernie, CTA" <cta@hcsin.net>
- Date: Fri, 15 Aug 2003 14:05:28 -0400
On 15 Aug 2003 at 12:05, Jonathan Rickman wrote:
> On Friday 15 August 2003 07:03, B3r3n wrote:
> > msblast start now on far eastern countries. We have a site in
> > Auckland and so I'll know soon if our DNS to localhost
> > protection is valuable.
> It is irrelevant now. MS has removed the DNS entries for
> windowsupdate.com.
>
Now I don't think that was such a smart move.
It wouldn't take much to set up a bunch of bogus DNS servers to
answer as "windowsupdate.com" with a pointer to a new A record,
or better yet, round-robin to an infinite number of FQDNs, or IP
addresses. In fact, a new variant placed on a compromised system
could help (direct) Windows TCP/IP to find and use these bogus
NS, giving almost endless control of the target address.
Hey, great pre-school project for the script kiddies!
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta@hcsin.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html