Secure BIND Template v3.1 released
Hi, all.

Hopefully this is reasonably on topic. :) I have made version 3.1 of the Secure BIND Template available here:

http://www.cymru.com/~robt/Docs/Articles/secure-bind-template.html

It has been reviewed by minds greater than mine. The mistakes are all my own. :) Comments and feedback are always welcome! Be the first in your netblock to join the CREDITS section. :)

Thanks,
Rob.
--
Rob Thomas http://www.cymru.com/~robt
ASSERT(coffee != empty);
An attacker can easily convince a client with access to the trusted view to perform queries on its behalf, in countless ways. He can send the trusted client a trojan to install Backorifice. Or he can simply send him an email and convince the trusted client to reply. Or send him a link. Or put his link in a website the client is likely to visit.

So I am not quite sure what the trusted view protects against. Anyone can still get a malicious recursive query to the internal view if they really want to.

--On Friday, November 30, 2001 11:18 AM -0600 Rob Thomas <robt@cymru.com> wrote:
Hi, all.
Hopefully this is reasonably on topic. :) I have made version 3.1 of the Secure BIND Template available here:
http://www.cymru.com/~robt/Docs/Articles/secure-bind-template.html
It has been reviewed by minds greater than mine. The mistakes are all my own. :) Comments and feedback are always welcome! Be the first in your netblock to join the CREDITS section. :)
Thanks, Rob. -- Rob Thomas http://www.cymru.com/~robt ASSERT(coffee != empty);
--- "The avalanche has already begun. It is too late for the pebbles to vote." -- Kosh
Hi, Mike.

Thanks for taking the time to review the template!

] An attacker can easily convince a client with access to the trusted view to
] perform queries on its behalf, in countless ways. He can send the trusted

I never claimed that this template would provide 100% security. This is the Internet; it shall never be 100% secure. The goal of the template is to mitigate or block the more obvious attack vectors, and provide an increased degree of security. While it is certainly possible to install trojans such as Sub7 (more popular than BO) or BO on a host, that is an issue for a different template and/or policy to address. :)

] So I am not quite sure what the trusted view protects against. Anyone can

It protects against the script kiddies, which are the bulk of the miscreants we face. I spend a LOT of time lurking in the underground, and most of them (most, NOT all) try only the easy or scripted hacks, then move on to easier targets if the hacks fail.

Two men are camping in the woods. Suddenly, in the dead of night, a bear rips through their tent. The first fellow takes off running. The second fellow runs for a bit, then stops to put on his running shoes. The first fellow says: "What are you doing?! You can't outrun the bear!" To which the second fellow replies: "I don't have to outrun the bear; I just have to outrun YOU."

:) This joke, told to me by Detective Bittenbinder of the CPD, still holds true in many instances of probes, particularly when some miscreant is attempting to build a botnet or DoSnet. It doesn't at all hold true if the miscreant has targeted the site, of course.

] still get a malicious recursive query to the internal view if they really
] want to.

But why would a determined attacker do this? If they have sufficient clue, they will simply "0wn" the system through the most recent [SSH|WU-FTP|etc.] hack. I have yet to see the site that can withstand the attention of a determined and clueful attacker.

Thanks,
Rob.
-- Rob Thomas http://www.cymru.com/~robt ASSERT(coffee != empty);
participants (2): Mike Batchelor, Rob Thomas