
cache snooping attacks

Hi All
My astaro DNS settings are the following

1) I am allowing the internal network to use DNS
2) I am using OpenDNS to resolve and not the ISP ones
3) I have multiple static entries (in reverse)
4) I am using DynDNS

After using Nessus to test my Astaro box on the inside interface (IPS, port scan allowed), I got the following medium vulnerability:

The remote DNS server responds to queries for third-party domains
that do not have the recursion bit set. 

Explanation
=================
Synopsis

The remote DNS server is vulnerable to cache snooping attacks.

Description
The remote DNS server responds to queries for third-party domains
that do not have the recursion bit set. 

This may allow a remote attacker to determine which domains have
recently been resolved via this name server, and therefore which hosts
have been recently visited. 

For instance, if an attacker was interested in whether your company
utilizes the online services of a particular financial institution,
they would be able to use this attack to build a statistical model
regarding company usage of that financial institution.  Of course, the
attack can also be used to find B2B partners, web-surfing patterns,
external mail servers, and more.

Note: If this is an internal DNS server not accessible to outside
networks, attacks would be limited to the internal network. This
may include employees, consultants and potentially users on
a guest network or WiFi connection if supported.

Solution
Use another DNS software.

See Also
For a much more detailed discussion of the potential risks of allowing
DNS cache information to be queried anonymously, please see:
www.rootsecure.net/.../dns_cache_snooping.pdf

Risk Factor
Medium

CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Publication Date: 2004/04/27


How can someone resolve this?
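The Nessus finding above boils down to one observation: the resolver answers a query whose recursion-desired (RD) bit is cleared, and an answer section that is populated means the name was already in cache. The script below is an added illustration of that check (it is not code from this thread, from Nessus or from Sophos); it builds such a query, classifies the reply from the header, and can be pointed at a resolver you operate to confirm a finding or a fix. The sample reply bytes, the name example.com and the 192.0.2.1 address are constructed for the example.

```python
import socket
import struct

RD_FLAG = 0x0100          # "recursion desired" bit in the DNS header flags word
RCODE_REFUSED = 5         # RCODE value a resolver returns when it rejects the query


def build_query(name: str, txid: int = 0x1234, recursion_desired: bool = False) -> bytes:
    """Build one A/IN query; RD is cleared by default, which is the cache-snooping probe."""
    flags = RD_FLAG if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)        # QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)                 # QTYPE=A, QCLASS=IN


def classify_response(resp: bytes) -> str:
    """Interpret the reply to a non-recursive query using only the 12-byte header."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if flags & RD_FLAG:
        return "rd-echoed"        # server reports RD set although we cleared it: not a clean probe
    if (flags & 0x000F) == RCODE_REFUSED:
        return "refused"          # non-recursive queries rejected: this resolver is not snoopable
    return "cached" if ancount > 0 else "not-cached"


def probe(resolver: str, name: str, timeout: float = 2.0) -> str:
    """Send one non-recursive UDP query to a resolver you operate and classify its reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        data, _ = sock.recvfrom(512)
    if data[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return classify_response(data)


# Constructed sample replies (not captured from the thread's Nessus run).
_QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
SAMPLE_CACHED = (struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0) + _QUESTION
                 + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
SAMPLE_NOT_CACHED = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 0, 0, 0) + _QUESTION
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8085, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    for label, sample in [("cached", SAMPLE_CACHED), ("not cached", SAMPLE_NOT_CACHED),
                          ("refused", SAMPLE_REFUSED)]:
        print(label, "->", classify_response(sample))
```

A resolver that ignores RD=0 and recurses anyway will return "cached" for every name, so compare a name you know was just resolved against one that has never been queried before drawing a conclusion; "refused" for both is the outcome you want after hardening.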


  • Sorry for opening an old thread. Was this issue ever addressed? 

  • What is your concern, Vi Tran?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    During our pen test, the recommendations to prevent cache snooping attacks were to "Block DNS queries to third-party domains that do not have the recursion bit set. Alternatively, contact
    the DNS software vendor to make fixes." 

     

    I was curious if this is something we can do on Sophos UTM.

  • Was the pen test executed from inside or outside your network?  Do you have a separate, internal DNS server or are you using the UTM as your DNS server for your internal devices?  Do you have an example of a third-party domain that triggered the fail in the pen test?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA