Vulnerability Scanner Finding
Received the following finding from a security scanner. The server is a domain controller with Active Directory. Is there a fix?
The remote name resolver (or the server it uses upstream) may be vulnerable
to DNS cache poisoning.
The remote DNS resolver does not use random ports when making queries to
third party DNS servers.
Thank You.
September 1st, 2012 12:34pm
Hello,
Please post some topology information, there is not even an indication of your OS! What scanner did you run?
Hotfixes address all of these issues. Ref the AD domain controller: the question here is whether it's up to date on hotfixes and whether it's exposed to the Internet, either directly or through port forwarding.
I would apply all updates and re-run the scanner.
http://msmvps.com/blogs/acefekay/archive/2009/09/03/the-dns-cache-poisoning-vulnerability-microsoft-kb953230-patch-and-ports-reservation-explained.aspx
http://technet.microsoft.com/en-us/security/bulletin/ms08-037
http://www.cert.org/archive/pdf/dns.pdf
Miguel Fra | Falcon IT Services, Miami, FL
www.falconitservices.com |
www.falconits.com |
Blog
September 1st, 2012 12:56pm
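Added example, not part of the thread: a heuristic check for the condition the scanner reports, run over the UDP source ports of the resolver's own outbound queries as recorded at a perimeter firewall, useful for confirming the result before and after patching. The log format, IP addresses, sample ports and thresholds are all constructed assumptions.

```python
import re

# Assumed (constructed) log format: "<time> UDP <src_ip>:<sport> -> <dst_ip>:<dport>"
LINE_RE = re.compile(r"UDP (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")

def outbound_query_ports(log_lines, resolver_ip):
    """Source ports of UDP queries the resolver sent to port 53, in log order."""
    ports = []
    for line in log_lines:
        m = LINE_RE.search(line)
        if m and m.group(1) == resolver_ip and m.group(4) == "53":
            ports.append(int(m.group(2)))
    return ports

def classify_source_ports(ports, min_samples=10):
    """Heuristic verdict on source-port selection; thresholds are assumptions."""
    if len(ports) < min_samples:
        return "insufficient-data"
    distinct = set(ports)
    if len(distinct) == 1:
        return "fixed"            # every query leaves from the same port
    # Counter-style allocation: most consecutive deltas are a small positive step.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if sum(1 for d in deltas if 1 <= d <= 16) / len(deltas) >= 0.8:
        return "sequential"
    # Few distinct ports or a tight range is still easy to guess.
    if max(ports) - min(ports) < 1024 or len(distinct) < len(ports) // 2:
        return "narrow"
    return "randomized"

def make_log(resolver_ip, ports):
    """Build constructed sample log lines for the given source ports."""
    return [f"2012-09-01T12:40:{i:02d} UDP {resolver_ip}:{p} -> 198.51.100.53:53"
            for i, p in enumerate(ports)]

RESOLVER = "192.0.2.10"  # documentation-range address standing in for the DC
SAMPLES = {
    "fixed": make_log(RESOLVER, [1047] * 12),
    "sequential": make_log(RESOLVER, list(range(1030, 1042))),
    "randomized": make_log(RESOLVER, [53124, 49877, 61002, 50311, 64990, 52218,
                                      58743, 49201, 60455, 55019, 63380, 51766]),
}

if __name__ == "__main__":
    for name, log in SAMPLES.items():
        print(name, "->", classify_source_ports(outbound_query_ports(log, RESOLVER)))
```

A "fixed", "sequential" or "narrow" verdict on real traffic matches the scanner finding; if it persists after updates, check whether a NAT or firewall in the path is rewriting the source ports.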