LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author]

  From: Glen Turner <glen.turner@aarnet.edu.au>
  To  : linuxsa@linuxsa.org.au
  Date: Tue, 01 Feb 2000 13:14:55 +1030

Re: Domain Name service HOWTO

Jake Hawkes wrote:

> 0) read /usr/doc/HOWTO/DNS-HOWTO. This is a fantastic doc. It is easy
> and simple and works without fail.

Actually the DNS-HOWTO establishes a configuration that
can be used to launch denial of service attacks on
other machines.

I wrote to the author last year asking that it be changed,
but he thought the attack was "academic", this at a time when
we had >4Mbps of echo DNS requests coming into USydney.

Mark Andrews, the current BIND DNS maintainer, also wrote
to the DNS-HOWTO maintainer.  Again with no luck.

So once you've set up according to the DNS-HOWTO, please
apply the security configuration at:

ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos

The next edition of the cricket book will contain this
configuration.

-- 
 Glen Turner                                 Network Engineer
 (08) 8303 3936      Australian Academic and Research Network
 glen.turner@aarnet.edu.au          http://www.aarnet.edu.au/
--
 Earth is a single point of failure

Index: [thread] [date] [subject] [author]

Return to the LinuxSA Mailing List Information Page