unauthorized DNS zone in North Dakota = $50,000

Capt'n Midnight · 08-03-2009 07:07PM #1

http://www.spamsuite.com/node/351

. On February 27, 2005, David Ritz ("Ritz") connected to Sierra's DNS server. In the course of that connection, he issued a host -l command which requested a zone transfer from Sierra's DNS server. Sierra's server responded with a full zone transfer, providing Ritz with the network map showing all of Sierra's private domain names, private host names, and internal non-routable IP addresses.
...
The literature available on the subject all refers to access attempts such as the host -l command issued by Ritz under the circumstances of this case as "unauthorized." Microsoft itself, as well as various other, authorities all refer to zone transfers conducted by an individual other than the network administrator or an authoritative name server as "unauthorized."

Just interested in peoples take on this, apart from the obvious why was their server granting requests to the interweb ?

Sierra ? well that's another story/

Black Swan · 08-03-2009 07:32PM

Has the Kaminsky DNS attack been completely solved with patches and whatnot, or are there still some vulnerabilities?

Martyr · 09-03-2009 02:45AM

Just interested in peoples take on this, apart from the obvious why was their server granting requests to the interweb ?

did they deliberately configure their DNS to allow unauthorised transfers? in the hope they could bring David to court for "hacking" ?

unauthorized DNS zone in North Dakota = $50,000

Comments