[Current] DNS Poisoning on Microsoft

James Bruce jbruce at unitedscience.com
Thu Apr 7 14:00:26 GMT 2005

Hey Allen, Glenn,

Please read the latest handlers diary at sans.

-How to prevent DNS cache pollution

By default, on Windows 2000 Service Pack 1 (SP1) and Windows 2000
Service Pack 2 (SP2), this key does not exist and non-secure data is not
eliminated from responses. Although DNS cache pollution protection is
enabled by default in Windows 2000 SP3 and later, the registry key does
not exist and is not needed. The only reason to create this registry key
is to disable DNS cache pollution protection. For more information about
DNS cache pollution protection, click the following article number to
view the article in the Microsoft Knowledge Base:

-----Original Message-----
From: current-bounces at dshield.org [mailto:current-bounces at dshield.org]
On Behalf Of Allen McRay
Sent: Wednesday, April 06, 2005 9:57 AM
To: Discuss current INFOSEC events.
Subject: RE: [Current] DNS Poisoning on Microsoft

Same here Glenn, 5 machines, all required the manual addition....  fwiw


-----Original Message-----
From: current-bounces at dshield.org [mailto:current-bounces at dshield.org]On
Behalf Of GYamamoto at warrenshepell.com
Sent: Wednesday, April 06, 2005 9:25 AM
To: current at dshield.org
Subject: [Current] DNS Poisoning on Microsoft

According to your notes this morning, Microsoft is patched with SP3 for
Windows 2000 server with DNS.  I found that I still had to add the value
the registry following the link I found on their site.


Current mailing list
Current at dshield.org

More information about the Current mailing list