HKCERT 2008 8 1.............DNS............................. 1
HKCERT 2008 8
HKCERT 2008 8
HKCERT 2008 8
HKCERT 2008 8 DNS DNS - DNS TCP UDP - DNS - DNS 16 ( 65,535 ) DNS - DNS (resource record) ( ) ( 2) ( ) Dan Kaminsky DNS DNS DNS (1) DNS Checker (http://www.doxpara.com/?p=1185) DNS
HKCERT 2008 8 [Linux] dig @IP-of-DNS-SERVER +short porttest.dns-oarc.net TXT [Windows] nslookup -type=txt -timeout=30 porttest.dns-oarc.net IP-of-DNS SERVER
HKCERT 2008 8 1 http://en.wikipedia.org/wiki/dan_kaminsky 2 http://en.wikipedia.org/wiki/domain_name_system 3 http://news.cnet.com/8301-10784_3-9973345-7.html 4 http://www.hkcert.org/chinese/salert/2008/home.html?s080709_multiple_dns_implementation_vuln.html 5 http://en.wikipedia.org/wiki/dns_cache_poisoning 6 http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/ 7 http://www.securityfocus.com/brief/781 8 http://cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html 9 http://en.wikipedia.org/wiki/dnssec
HKCERT 2008 8
HKCERT 2008 8
HKCERT 2008 8
HKCERT 2008 8
HKCERT 2008 8
HKCERT 2008 8 *
HKCERT 2008 8 迹
HKCERT 2008 8
HKCERT 2008 8 :(852)81056060 :(852)81059760 :hkcert@hkcert.org :http://www.hkcert.org