Re: [PLUG] OT: The DNS Patch

JP Vossen on 10 Jul 2008 11:07:03 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] OT: The DNS Patch

From: JP Vossen <jp@jpsdomain.org>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] OT: The DNS Patch

Date: Thu, 10 Jul 2008 14:06:54 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Thunderbird 2.0.0.14 (Windows/20080421)

> Date: Thu, 10 Jul 2008 09:02:46 -0400 > From: "Brian Vagnoni" <bvagnoni@v-system.net> > > Has anyone else on any platform that has applied the "patch" had systems not be able to connect the the internet? Can you provide more details? I'm interesting in what things are breaking after this issue, in general. But maybe you mean: http://it.slashdot.org/article.pl?sid=08/07/09/205231 MS Security Patch Blocks Net Access For ZoneAlarm Users Posted by timothy on Wednesday July 09, @04:13PM from the oh-there-can't-be-more-than-a-handful dept. Bug Networking Security Windows IT An anonymous reader writes "Users of Check Point ZoneAlarm security products, including the extremely popular, free-of-charge software firewall, have discovered that a Microsoft security update released on Tuesday has blocked their internet access. The firewall manufacturer is 'investigating the issue,' and so far the workaround seems to be to uninstall the recent DNS spoofing vulnerability fix MS08-037 (KB951748), and not reinstall it until Microsoft or Check Point have come up with updated versions of their products." http://forums.zonealarm.org/zonelabs/board/message?board.id=win_za_msgs&message.id=18667 I could also possibly see that a really strict egress filter that requires recursive DNS traffic from internal DNS servers to be sourced only from port 53 would break after the patch. That's a silly enough rule that I wouldn't expect to see it in the wild. But then, I've seen lots of silly "security" things I didn't expect, so... Later, JP ----------------------------|:::======|------------------------------- JP Vossen, CISSP |:::======| jp{at}jpsdomain{dot}org My Account, My Opinions |=========| http://www.jpsdomain.org/ ----------------------------|=========|------------------------------- "Microsoft Tax" = the additional hardware & yearly fees for the add-on software required to protect Windows from its own poorly designed and implemented self, while the overhead incidentally flattens Moore's Law. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: [PLUG] it reaches out from the grave...

Next by Date: Re: [PLUG] it reaches out from the grave...

Previous by thread: Re: [PLUG] OT: The DNS Patch

Next by thread: [PLUG] it reaches out from the grave...

Index(es):

Date

Thread