Security Basics mailing list archives

Re: DNS cache poisoning


From: "Jill Tovey" <jill.tovey () bigbluedoor com>
Date: Tue, 17 Dec 2002 15:30:42 -0000

Vijay,

I have answered your questions below.  If you have any more queries, let me
know.

1. What is DNS cache poisoning?

DNS servers store all of the local zone files and the results of recursive
queries.  (The length of time these queries are held can be altered, but the
default time is the TTL of the zone it is in.)

DNS caches can be poisoned when incorrect mapping information is received
from a remote name server.  The DNS server caches the incorrect information
and consequently sends it out to clients when requested.  The information
sent out is vulnerable to capture and corruption.

There are fixes for this, make sure you have the latest version of BIND
running, and you could think about reducing the TTL of cached information,
and filtering name-based authentication services at router level so that DNS
is not relied on for authentication.

2. Is there any way to send secure messages over telnet or ftp other than
SSH?

Yes, with IPsec.

3. What is the exact difference between TACACS and RADIUS?

- The main difference is that TACACS+ uses TCP whereas RADIUS uses UDP, so
really you are looking at the advantages TCP has over UDP.  The obvious
advantages are that TCP is connection oriented whilst UDP only offers best
effort delivery.  RADIUS does attempt to compensate for the best effort
delivery by employing additional features such as re-transmit attempts and
time-outs, but this is no comparison to the benefits of TCP.

- RADIUS does not allow user control over the router whereas TACACS+ does.

- TACACS+ offers multiprotocol support, whereas RADIUS does not support
certain protocols; I forget which specifically, you will have to Google that
:-)

- TACACS+ encrypts the body of a packet ensuring secure communication,
RADIUS only encrypts the password in the access-request packet, leaving it
open to capture.

There are some differences in authentication and authorisation, but I forget
what specifically.  The main difference is that TACACS+ uses the independent
AAA architecture, whereas RADIUS combines authentication and authorisation
and TACACS+ separates them, as you can use Kerberos, though you'll have to
check that.

Hope that helps.

Kind Regards,

Jill Tovey
jill.tovey () bigbluedoor com
BigBlueDoor
www.bigbluedoor.com
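A toy resolver cache, added here as an illustration and not code from the thread, showing how the "incorrect mapping information" described above ends up cached, and two defensive checks that limit the damage: rejecting records that lie outside the zone the answering server is authoritative for (the bailiwick rule) and capping the TTL locally, as the reply suggests. The zone names, addresses, query ID and the response layout are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Record:
    name: str    # owner name, e.g. "www.example.com."
    rtype: str   # record type, e.g. "A"
    value: str
    ttl: int     # seconds the remote server asks us to cache it for

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is at or below zone, i.e. the server we asked is authoritative for it."""
    n = name.lower().rstrip(".") + "."
    z = zone.lower().rstrip(".") + "."
    return n == z or n.endswith("." + z)

@dataclass
class Cache:
    max_ttl: int = 3600                          # local cap on how long any answer is trusted
    entries: dict = field(default_factory=dict)  # (name, rtype) -> (value, expires_at)

    def lookup(self, name, rtype, now):
        hit = self.entries.get((name.lower(), rtype))
        return None if hit is None or hit[1] <= now else hit[0]

    def ingest(self, expected_id, question, response, zone, now, bailiwick_check=True):
        """Validate a response to our own query and cache what passes; returns rejected names."""
        if response["id"] != expected_id or response["question"] != question:
            return ["<whole response: id/question mismatch>"]
        rejected = []
        for rec in response["answers"] + response["additional"]:
            if bailiwick_check and not in_bailiwick(rec.name, zone):
                rejected.append(rec.name)        # unsolicited data about someone else's zone
                continue
            expires = now + min(rec.ttl, self.max_ttl)
            self.entries[(rec.name.lower(), rec.rtype)] = (rec.value, expires)
        return rejected

def demo(bailiwick_check: bool) -> Cache:
    # Constructed reply from example.com's server (hypothetical): the 'additional' section
    # volunteers an address in example.net, a zone that server is not authoritative for.
    response = {"id": 0x1234, "question": ("www.example.com.", "A"),
                "answers": [Record("www.example.com.", "A", "192.0.2.10", 300)],
                "additional": [Record("login.example.net.", "A", "198.51.100.7", 86400)]}
    cache = Cache(max_ttl=3600)
    cache.ingest(0x1234, ("www.example.com.", "A"), response, "example.com.", now=0,
                 bailiwick_check=bailiwick_check)
    return cache
```

Without the bailiwick check the stray example.net record is served to clients until the local TTL cap expires it; with the check it is never cached at all.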
----- Original Message -----
From: "vijay vikram shreenivos" <karpagamekapali () rediffmail com>
To: <SECURITY-BASICS () SECURITYFOCUS COM>
Sent: Saturday, December 14, 2002 6:29 AM
Subject: DNS cache poisoning
hi list..........

1. What is DNS cache poisoning?

2. Is there any way to send secure messages over telnet or ftp
other than ssh?

3. What is the exact difference between TACACS and RADIUS?

awaiting your kind replies

karpagamekapalidurgau
vijay vikram shreenivos