Subject: BIND9 is an effective "filter" on resolver overflow (fwd)
To: None <firstname.lastname@example.org>
From: Darren Reed <email@example.com>
Date: 06/27/2002 10:22:51
> To: Brett Glass <firstname.lastname@example.org>
> Cc: security@FreeBSD.ORG
> From: Mark.Andrews@isc.org
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
> Date: Thu, 27 Jun 2002 10:12:08 +1000
> > Aaargh. This will affect not only more recent systems but
> > the older 3.x and embedded systems I maintain for people.
> > There's no patch for these, and in the case of the embedded
> > systems that use BSD I can't upgrade.
> > Any word on whether one can detect and block such attacks
> > upstream via an IDS or a proxy at the firewall?
> > --Brett Glass
> Provided you are behind a nameserver you trust that reconstructs
> the answer you should be fine.
> BIND 9 reconstucts all answers (excluding forwarded UPDATES).
> BIND 8 forwards some and reconstructs others.
> > At 01:08 PM 6/26/2002, FreeBSD Security Advisories wrote:
> > >-----BEGIN PGP SIGNED MESSAGE-----
> > >
> > >============================================================================
> > =
> > >FreeBSD-SA-02:28.resolv Security Advisor