Security Basics mailing list archives
Re: DNS cache poisoning
From: "Jill Tovey" <jill.tovey () bigbluedoor com>
Date: Tue, 17 Dec 2002 15:30:42 -0000
Vijay, I have answered your questions below. If you have any more queries, let me know.

1. What is DNS cache poisoning?

DNS servers store all of the local zone files and the results of recursive queries. (The length of time these queries are held can be altered, but the default time is the TTL of the zone it is in.) DNS caches can be poisoned when incorrect mapping information is received from a remote name server. The DNS server caches the incorrect information and consequently sends it out to clients when requested. The information sent out is vulnerable to capture and corruption. There are fixes for this: make sure you have the latest version of BIND running, and you could think about reducing the TTL of cached information, and filtering name-based authentication services at router level so that DNS is not relied on for authentication.

2. Is there any way to send secure messages over telnet or ftp other than ssh?

Yes, with IPsec.

3. What is the exact difference between TACACS and RADIUS?

- The main difference is that TACACS+ uses TCP whereas RADIUS uses UDP, so really you are looking at the advantages TCP has over UDP. The obvious advantages are that TCP is connection oriented whilst UDP only offers best effort delivery. RADIUS does attempt to compensate for the best effort delivery by employing additional features such as re-transmit attempts and time-outs, but this is no comparison to the benefits of TCP.
- RADIUS does not allow user control over the router whereas TACACS+ does.
- TACACS+ offers multiprotocol support, whereas RADIUS does not support certain protocols; I forget which specifically, you will have to google that :-)
- TACACS+ encrypts the body of a packet, ensuring secure communication; RADIUS only encrypts the password in the access-request packet, leaving it open to capture.

There are some differences in authentication and authorisation, but I forget what specifically. The main difference is that TACACS+ uses the independent AAA architecture whereas RADIUS combines authentication and authorisation and TACACS+ separates them, as you can use Kerberos, though you'll have to check that.

Hope that helps.

Kind Regards,
Jill Tovey
jill.tovey () bigbluedoor com
BigBlueDoor
www.bigbluedoor.com

----- Original Message -----
From: "vijay vikram shreenivos" <karpagamekapali () rediffmail com>
To: <SECURITY-BASICS () SECURITYFOCUS COM>
Sent: Saturday, December 14, 2002 6:29 AM
Subject: DNS cache poisoning

hi list..........
1. what is DNS cache poisoning
2. is there any way to send secure messages over telnet or ftp other than ssh.
3. what is exact diff btw TACACS and RADIUS
awaiting your kind replies
karpagamekapalidurgau vijay vikram shreenivos
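Editor's added example (not code from Jill's reply or from BIND): the point in answer 1 is that a resolver keeps whatever mapping and TTL a remote name server hands it, so a forged answer is served to clients until that TTL runs out, and capping the cached TTL bounds that window. The script below parses a DNS response in wire format (built here by hand; the name "www.example.test", the address 192.0.2.10 and the transaction ID are constructed placeholders) and feeds the A record into a small resolver cache that enforces a maximum lifetime.

```python
"""Added example: parse a DNS answer and cache it with a TTL cap.
Packet contents are constructed for illustration, not captured traffic."""
import struct


def _encode_name(name: str) -> bytes:
    """Encode 'a.b.c' as length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def _read_name(buf: bytes, off: int):
    """Decode a name at buf[off:], following RFC 1035 compression pointers.
    Returns (name, offset just past the name as it appears at `off`)."""
    labels, jumped, end = [], False, off
    while True:
        length = buf[off]
        if (length & 0xC0) == 0xC0:                      # 2-byte pointer
            ptr = struct.unpack_from("!H", buf, off)[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end


def build_response(txid: int, name: str, ip: str, ttl: int) -> bytes:
    """Constructed standard response: one question, one A answer (name via pointer to offset 12)."""
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    question = _encode_name(name) + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_a_answers(pkt: bytes):
    """Return [(name, ip, ttl)] for IN A records in the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack_from("!6H", pkt, 0)
    off = 12
    for _ in range(qd):                                  # skip question entries
        _, off = _read_name(pkt, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        rdata, off = pkt[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return answers


class ResolverCache:
    """Caches mappings but never keeps one longer than max_ttl seconds,
    whatever TTL the remote server (or a forger) put in the answer."""

    def __init__(self, max_ttl: int):
        self.max_ttl = max_ttl
        self._entries = {}                               # name -> (ip, expires_at)

    def store(self, name: str, ip: str, ttl: int, now: int) -> None:
        self._entries[name] = (ip, now + min(ttl, self.max_ttl))

    def lookup(self, name: str, now: int):
        entry = self._entries.get(name)
        if entry is None or entry[1] <= now:
            return None
        return entry[0]


def cache_answers(pkt: bytes, max_ttl: int, now: int = 0) -> ResolverCache:
    """Parse a response and load every A record into a capped cache."""
    cache = ResolverCache(max_ttl)
    for name, ip, ttl in parse_a_answers(pkt):
        cache.store(name, ip, ttl, now)
    return cache


if __name__ == "__main__":
    forged = build_response(0x1234, "www.example.test", "192.0.2.10", 86400)
    capped, uncapped = cache_answers(forged, 300), cache_answers(forged, 86400)
    print("capped, t=3600:  ", capped.lookup("www.example.test", 3600))
    print("uncapped, t=3600:", uncapped.lookup("www.example.test", 3600))
```

With a one-day TTL in the forged answer, the uncapped cache still returns the bogus address an hour later, while the capped cache has dropped it after 300 seconds. The cap only shortens the exposure; it does not stop the record from being accepted in the first place.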
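Editor's added example (not code from Jill's reply or from any RADIUS implementation): answer 3 says RADIUS only hides the password in the Access-Request and leaves the rest open to capture. The script below builds an Access-Request the way RFC 2865 describes it, applying the User-Password hiding (MD5 of the shared secret and the Request Authenticator, XORed block by block), and then shows that the User-Name attribute sits in the datagram in the clear while the password does not. The shared secret, user name, password and authenticator are constructed values for illustration.

```python
"""Added example: RFC 2865 Access-Request with User-Password hiding.
All secrets and identities below are constructed for illustration."""
import hashlib
import struct

CODE_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks; each block is XORed with
    MD5(secret + previous ciphertext block), the first with the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; strips the null padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length covers the two header octets."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, authenticator: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes..."""
    attrs = _attr(ATTR_USER_NAME, username) + \
        _attr(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", CODE_ACCESS_REQUEST, identifier, 20 + len(attrs)) \
        + authenticator + attrs


def parse_attributes(pkt: bytes):
    """Return (code, identifier, authenticator, {type: value}) from a RADIUS packet."""
    code, identifier, length = struct.unpack_from("!BBH", pkt, 0)
    authenticator, attrs, off = pkt[4:20], {}, 20
    while off < length:
        attr_type, attr_len = pkt[off], pkt[off + 1]
        attrs[attr_type] = pkt[off + 2:off + attr_len]
        off += attr_len
    return code, identifier, authenticator, attrs


if __name__ == "__main__":
    secret = b"sharedsecret"                  # constructed
    authenticator = bytes(range(16))          # constructed; real clients use random bytes
    pkt = build_access_request(7, b"vijay", b"hunter2", secret, authenticator)
    print("user name visible on the wire:", b"vijay" in pkt)
    print("password visible on the wire: ", b"hunter2" in pkt)
    _, _, auth, attrs = parse_attributes(pkt)
    print("server recovers password:     ", reveal_password(attrs[ATTR_USER_PASSWORD], secret, auth))
```

Note what this does and does not protect: the hiding depends entirely on the shared secret and is a stream-cipher style XOR keyed by MD5, so the user name, NAS identity and every other attribute are readable by anyone on the path, and a captured packet can be attacked offline against the secret. That is the gap Jill is pointing at when she contrasts it with TACACS+ encrypting the whole packet body.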
Current thread:
- DNS cache poisoning vijay vikram shreenivos (Dec 16)
- Re: DNS cache poisoning Shanon (Dec 17)
- Re: DNS cache poisoning Jill Tovey (Dec 17)
- Re: DNS cache poisoning Malte von dem Hagen (Dec 17)
- <Possible follow-ups>
- Re: DNS cache poisoning charles lindsay (Dec 18)