[Top] [All Lists]

Re: Security problems with SRV records

2011-08-19 09:13:06

+1. I see this as two different problems, and one of the negatives of SRV records is that it opens sites up to discovery issues. Can't do much about that but make sure the site is fortified against attacks.

We use a default 3 attempt login limit across the board and a failure will block the IP across all the internet hosting servers. I can attest this is extremely well liked feature and it has help people go to sleep better. I don't think this necessary protection has anything to do with how the attacker found the site - SRV or otherwise.

Arnt Gulbrandsen wrote:

On 08/19/2011 02:05 PM, Alessandro Vesely wrote:
As well as they automate client setup, SRV records also automate cracking.

How is that?

Keep in mind that the net is small these days. The bruteforce kiddies sweep the entire IPv4 internet, and do it quickly. I set up a new public box the other day, it was swept during its first working day, and I've heard stories of "rooted in x minutes" for scarily small values of x.

I venture to suggest that at the moment, sweeping the IPv4 net looking for open TCP ports is easier than sweeping the DNS looking for SRV records.



Hector Santos

<Prev in Thread] Current Thread [Next in Thread>