漏洞扫描工具: Acunetix Web Vulnerability Scanner 6.5
漏洞描述:[ dns cache snooping]
The remote DNS server is vulnerable to DNS cache snooping attacks. DNS cache snooping is the process of determining whether a given Resource Record (RR) is (or not) present on a given DNS cache.
The most effective way to snoop a DNS cache is using iterative queries. One asks the cache for a given resource record of any type (A, MX, CNAME, PTR, etc.) setting the RD (recursion desired) bit in the query to zero. If the response is cached the response will be valid, else the cache will reply with information of another server that can better answer our query, or most commonly, send back the root.hints file contents.
This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. Publicly available DNS servers should only response to queries regarding hosts to which they are authoritative.
The most effective way to snoop a DNS cache is using iterative queries. One asks the cache for a given resource record of any type (A, MX, CNAME, PTR, etc.) setting the RD (recursion desired) bit in the query to zero. If the response is cached the response will be valid, else the cache will reply with information of another server that can better answer our query, or most commonly, send back the root.hints file contents.
This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. Publicly available DNS servers should only response to queries regarding hosts to which they are authoritative.
This vulnerability affects
Server.
请问各位以上是什么意思?该漏洞如何解决?
5126
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
