On Wed, Jul 09, 2008 at 04:20:54AM +0000, Bojan Smojver wrote:
> Jeffrey Ollie <jeff <at> ocjtech.us> writes:
>
> > I think that the problem is mostly a server problem
>
> According to this:
>
> http://www.kb.cert.org/vuls/id/800113
>
> It is not just a server problem:
>
> "These caching resolvers are the most common target for attackers; however, stub
> resolvers are also at risk."
>
> [...]
>
> "As mentioned above, stub resolvers are also vulnerable to these attacks. Stub
> resolvers that will issue queries in response to attacker behavior, and may
> receive packets from an attacker, should be patched. System administrators
> should be alert for patches to client operating systems that implement port
> randomization in the stub resolver."
>
> AFAIK, glibc is the stub resolver on Fedora, hence the question.
>
> --
> Bojan

In my opinion endpoint stub resolvers are not so vulnerable. If you want to
spoof DNS data to a resolver, you have to force that resolver to send a query
for a name that you know - which is often impossible in glibc's resolver case
(AFAIK this only happens when an attacker opens a connection to some service
and that service asks for the attacker's reverse DNS record, for example).

Adam

--
Adam Tkac, Red Hat, Inc.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list