IOS Vulnerability reported by nessus

Hi,
I have a customer that has run a Nessus vulnerability scan, and it reports that there is a DoS risk on his 3750, even though the Nessus report relates to Winterm thin clients.
Quote:
It was possible to crash the remote host by sending a specially crafted IP packet with a null length for IP option #0xE4
Risk Factor : High
CVE : CVE-2005-2577
BID : 7175, 14536
I am relatively new to security and have been unable to find any reference to this threat. Any help would be greatly appreciated.
Thanks

Hi,
Thanks for the reply. The switch didn't crash; he is just worried that it could, though all the info I can find relates to thin clients also. He is just very worried as this unit is acting right at his core for layer 3 on a major part of his network.
The IOS concerned is c3750-ipservices-mz.122-25.SEB4, but I can't see any bug on this that relates to altered packets.
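
The plugin text quoted above describes an IPv4 option (type 0xE4) whose length octet is zero. As an added example (not from the original posts or from Nessus), this Python code walks the options area of a captured IPv4 header and flags such malformed options; the function names and both sample headers are constructed for illustration.

```python
import struct

EOL, NOP = 0x00, 0x01   # the only single-octet options; all others carry a length octet


def check_ipv4_options(packet: bytes):
    """Walk the IPv4 options area; return [(offset, option_type, problem), ...]."""
    if len(packet) < 20:
        return [(0, None, "truncated header")]
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        return [(0, None, "not IPv4 or IHL below 5")]
    header_len = ihl * 4
    if len(packet) < header_len:
        return [(0, None, "IHL points past the captured bytes")]

    findings = []
    i = 20                                  # options start after the fixed header
    while i < header_len:
        opt = packet[i]
        if opt == EOL:                      # end of option list
            break
        if opt == NOP:                      # one-octet padding
            i += 1
            continue
        if i + 1 >= header_len:
            findings.append((i, opt, "missing length octet"))
            break
        length = packet[i + 1]
        if length < 2:
            # The length counts the type and length octets themselves, so 0 or 1
            # is never valid. A parser that does `i += length` here stops advancing.
            findings.append((i, opt, "length below 2"))
            break
        if i + length > header_len:
            findings.append((i, opt, "option runs past the header"))
            break
        i += length
    return findings


def make_header(options: bytes) -> bytes:
    """Constructed sample: IPv4 header (documentation addresses) plus options."""
    assert len(options) % 4 == 0 and len(options) <= 40
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                        0, 0, 64, 1, 0,     # checksum left 0; not validated here
                        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return fixed + options


# Constructed samples, not captured traffic.
ZERO_LENGTH_E4 = make_header(bytes([0xE4, 0x00, 0x00, 0x00]))
ROUTER_ALERT = make_header(bytes([0x94, 0x04, 0x00, 0x00]))   # well-formed option

if __name__ == "__main__":
    for name, pkt in [("zero-length 0xE4", ZERO_LENGTH_E4),
                      ("router alert", ROUTER_ALERT)]:
        print(name, check_ipv4_options(pkt))
```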

Similar Messages

  • I have an error msg:  Warning!! iOS Crash Report

    I just got this error msg.
    Warning!!  iOS Crash Report.   Due to a third party application in your phone, iOS is crashed.  Contact Support for an Immediate Fix.
    There is a 1-800 number noted.  Is this legit or is this a virus?  We have tried shutting down the iPad and re-setting but nothing seems to work.  This error message keeps popping up.  Anyone got any ideas?

    Please tell me that it has NEVER been jailbroke.  If it has never been jailbroke, here are some standard repair procedures:
    First, try a system reset.  It cures many ills and it's quick, easy and harmless...
    Hold down the on/off switch and the Home button simultaneously until you see the Apple logo.  Ignore the "Slide to power off" text if it appears.  You will not lose any apps, data, music, movies, settings, etc.
    If the Reset doesn't work, try a Restore.  Note that it's nowhere near as quick as a Reset.  It could take well over an hour!  Connect via cable to the computer that you use for sync.  From iTunes, select the iPad/iPod and then select the Summary tab.  Follow the on-screen directions for Restore and be sure to say "yes" to the backup.  You will be warned that all data (apps, music, movies, etc.) will be erased but, as the Restore finishes, you will be asked if you wish the contents of the backup to be copied to the iPad/iPod.  Again, say "yes."
    At the end of the basic Restore, you will be asked if you wish to sync the iPad/iPod.  As before, say "yes."  Note that that sync selection will disappear and the Restore will end if you do not respond within a reasonable time.  If that happens, only the apps that are part of the IOS will appear on your device.  Corrective action is simple -  choose manual "Sync" from the bottom right of iTunes.
    If you're unable to do the Restore (or it doesn't help), go into Recovery Mode per the instructions here.  You WILL lose all of your data (game scores, etc,) but, for the most part, you can redownload apps and music without being charged again.  Also, read this.

  • IOS crash report - mediaserverd: RPCTimeout message received to terminate

    I see some strange crash reports which I couldn't understand much. I believe it is something related to the audio service in iOS. I am working on an audio app where each record is played in FIFO order. Is the crash log something to do with my app? Here is the snippet of the crash report:
    Incident Identifier: 56987C0E-3207-43E2-A30F-CA62DACA341B
    CrashReporter Key:   39cfbba1b55bae50131e2b43a44f512635ffdedc
    Hardware Model:      iPod5,1
    OS Version:          iPhone OS 6.1.3 (10B329)
    Kernel version:      Darwin Kernel Version 13.0.0: Wed Feb 13 21:37:47 PST 2013; root:xnu-2107.7.55.2.2~1/RELEASE_ARM_S5L8942X
    Date:                2013-09-20 19:48:08 +0530
    Exception Code:      0xbe18d1ee
    Reason:              mediaserverd: RPCTimeout message received to terminate [4773] with reason 'fig rpc timeout -- playerremote_CopyProperty [ NowPlayingAppPID ]'
    Thermal Level:       0
    Thermal Sensors:    3284 3517 3539 3165 3594
    Frontmost process PID:    68
    Jetsam Level:              0
    Free Pages:            21115
    Active Pages:          22813
    Inactive Pages:        14162
    Purgeable Pages:        1390
    Wired Pages:           21867
    Speculative Pages:       765
    Throttled Pages:       47808
    Busy Buffer Count:         0
    Pages Wanted:              0
    Pages Reclaimed:           0
    Thanks,
    Shashank

    I just had the same "scam" this evening.  I got the Safari message: "http://supportcallnow.com 'warning!! iOS Crash Report' "  Due to a third party application in your phone, iOS crashed.  Contact Support for an immediate fix - 1-800-480-4170.  I too called the phone # to see what was going on.  It went straight on hold when I called (didn't ring) and then when someone came on the line, it was a woman who I could barely hear due to the noise in the background.  She stated that my ios crashed and was no longer something on my iPhone5S and that a 3rd party was at that time taking all my info. off my phone (nice "scare tactic" eh?).  She then said for $80 though she could reinstall ios and just needed my credit card # (yeah, ooooookkkay).  So I said that was ridiculous as I had been using apps and my phone the whole time I was talking to her on speaker and said I would call Apple Support directly.  She told me they would say the same thing about having to pay to have ios reinstalled on my phone.  I said I highly doubt it and told her I wouldn't pay the money and that she was essentially full of crap.  She then said (prob after realizing I wasn't buying any of it) "OK ma'am" and hung up on me.
    Adamfrombessemer's advice works if you're surfing sites and get a "ios Crash Report" message in Safari on your iPhone like I did!
    1.  Place the phone in Airplane mode.
    2.  Go to Settings > Safari > And Clear History and website Data
    3.  Reopen safari and all will be gone. Turn off Airplane mode.
    Definite scam!

  • HT204204 got message Warning IOS Crash Report Due to a third party application in your phone IOS is crashed...call for immediate support 16473604777  no I cannot get into Safari. Please help

    Hi,
    I was working on my new iPad Mini in Safari when I received the error message: Warning IOS Crash Report Due to a third party application in your phone. IOS crashed contact Support for immediate FIX 16473604447.  What do I do? I called that number and wasn't going to pay someone other than Apple to fix this error.  I bought insurance; these people said Apple would not be able to help me.
    Please, I need this iPad for a trip I'm taking in a couple of days.
    I can't get into Safari the above error message keeps on popping up blocking me from getting in.

    Double tap the Home button, then swipe upwards on the Safari preview.
    Go to Settings - Safari - Clear History
    Restart Safari.
    And never, ever call any number presented.

  • Ios crash report due to a third party application

    My son was watching something on his iPhone (5c) iOS 7.1.2 and received this message in Safari "http://supportcallnow.com 'warning!! iOS Crash Report' "  Due to a third party application in your phone, iOS crashed.  Contact Support for an immediate fix - 1800-523-2251.
    Fairly sure this is a virus or at least a scam.  Have already tried to reset by holding the power and square down until the apple icon appears, but to no avail.  I cannot get the message off of the Safari screen .
    Help!

  • Ios crash report has given me a number to contact is this legit?

    Every time I try to use the internet on my iPhone it says "warning ios crash report". It gives me a 1-844 number to call.
    Is this legit?

    No.

  • 7940 Vulnerability Report

    Hi,
    We have received a vulnerability report for 7940 IP Phones with VM QID -- 86175.
    Pls suggest how to overcome this VM.
    Currently we are running firmware P0030801SR02 for 7940 IP Phones. Pls suggest whether upgrading the firmware will overcome this issue.

    Hi,
    Pls find the details below of qualys guard...
    Qualys ID (QID):86175
    QID Title:Web Server/ Web Application Vulnerable to Cross-Site Scripting Attacks..
    Generic Solution: Any Web application on the server may be affected by this vulnerability. To prevent cross-site scripting attacks from occurring, web developers should use static pages whenever possible and sanitize input / output. The following vendors provided patches at the web server level. See below for a list of patches for some specific Web servers. If this information does not apply to your Web server, contact your Web server vendor. If your web server does not support filtering please have your web developers resolve this issue at the application level.
    This issue is fixed in Sun ONE / iPlanet Web Server 4.1 Service Pack 12 and above. The latest service pack is available for download from Sun ONE Web Server Enterprise Edition 4.1 Service Pack 13 (http://wwws.sun.com/software/download/products/3f8472da.html).
    For Microsoft IIS 4/5/5.1, apply the cumulative patch described in Microsoft Security Bulletin MS02-018 (http://www.microsoft.com/technet/security/bulletin/MS02-018.mspx). No additional service packs are planned for Windows NT 4.0. IIS 5.0 fixes will be included in Windows 2000 Service Pack 3. IIS 5.1 fixes will be included in Windows XP Service Pack 1.
    Lotus Domino had this issue with Domino R5 Web server. Check the Lotus advisory SPR# JCHN4V2HUY (http://www-01.ibm.com/support/docview.wss?uid=sim490a14be07fdb479385256ad800739c35).
    For IBM Websphere, please refer to websphere-faultactor-xss (30055) (http://xforce.iss.net/xforce/xfdb/30055).
     For Web Applications:  If your Web application is vulnerable, please check with the web application vendor for further details.
     Patch:
    Following are links for downloading patches to fix the vulnerabilities:
      Web Server (Sun ONE / iPlanet Web Server 4.1 Service Pack 12) (http://wwws.sun.com/software/download/products/3f8472da.html)
      Web Server: Windows (IIS 4.0, 5.0, 5.1) (http://www.microsoft.com/technet/security/bulletin/MS02-018.mspx)
      Web Server (Lotus Domino) (http://www-1.ibm.com/support/docview.wss?rs=463&q1=1098216&uid=swg21098216&loc=en_US&cs=utf-8&lang=en+en)

  • Exchange Connector - iOS Version Reporting

    We run reports on the different versions of iOS that connect to Exchange in SCCM using the exchange connector. We have found that when a device is updated to a newer version of iOS the Operating System version information is not updated in SCCM. I checked through the information in Exchange and it does have the correct version of iOS on the object; it just doesn't appear to be updating in SCCM.

    Can't say I have any insight into this but it sounds like it may be a bug or a scenario not accounted for. You may want to open a CSS case.
    How long are you waiting after the update occurred to check the console? Have you checked the data directly in the DB? This could simply be a timing issue.
    Jason | http://blog.configmgrftw.com

  • Regarding IOS Vulnerability.

    Hi,
    I would like to know how to fix these Vulnerabilities.
    1st set is for Cisco IOS (Version 12.2(35)SE5).
    1)SSH Weak Cipher Used
    2)SSH Protocol Version 1 Supported
    3)X.509 Certificate MD5 Signature Collision Vulnerability
    4)SSL Certificate - Signature Verification Failed Vulnerability
    5) SSL Certificate - Self-Signed Certificate
    Thanks
    Aj

    I would like to know how to fix these Vulnerabilities. 1st set is for Cisco IOS (Version 12.2(35)SE5).
    Upgrade your IOS.

  • Oracle Express 10G Vulnerability Report

    It is my understanding that Oracle Express 10G (10.2.0.2) release 2 does not have security patches released. The plan is to release another version (11g) when available. Is this correct?
    Is there any report that states Oracle Express 10G edition is vulnerable\not vulnerable to known security exploits? I have found very little information. What I have found is basically "Vulnerabilities may affect Oracle Database 10g Express Edition (XE). According to Oracle, Oracle Database XE is based on the Oracle Database 10g Release 2 code".
    What is Oracle's stance on security patches for Oracle Express? I imagine it states "if you're concerned there is an Enterprise edition that can be purchased with regular security patches".

    Check out the following thread at Re: Upgrade and Patch Policy . Security patches are provided in newer releases, not CPU patches.

  • MULTI entry of questions due to iOS safari reporting that the support was in maintenance

    I Had a need to use the the gps so I turned on the location services to do it and I noticed ( after returning the phone to normal ( no use of the gps apps) a few phone calls a day and a text or two a few calendar notifications etc that my 4s went from dropping from 100% at 8 am to say 75% at 8 pm to less than 20% at 8pm  when the gps was in use... Aside from being a touch amazed at how much juice the gps used i shrugged and turned the location services off and now the bat icon stays at 100% all day.
    needless to say I don't trust this report I tried restarting the phone but the icon stays at 100%
    7.1.1

    It is probably because you are not properly closing Firefox. Restarting your system would make sure that Firefox had terminated, but you do not have to do that.
    To properly close Firefox on Windows systems, use
    :File > Exit or "Firefox:" button > Exit
    When you get the message "Firefox is already running" it is too late, and you must force termination of Firefox through the Windows Task Manager before restarting Firefox. Windows 7 has a keyboard shortcut to save you a step "Ctrl+Shift+Esc" then on "Processes" tab, select "firefox.exe" and use the "End Process" button. More thorough would be to right-click on the "firefox.exe" and choose "End Process Tree".
    You would find firefox.exe in a Mozilla folder in your program files, but you would not want to delete it there, you would need to use the Control Panel which you have already identified and do it from there -- but generally you would not need to do that, and there is nothing in what you have posted to indicate that you should. But if you did do that, then don't let the install start Firefox for you as you would want to use your existing desktop icon or method of starting Firefox, and should decline having Firefox install start Firefox for you. When the install starts then invoke Firefox in your normal manner. This should eliminate problems of creating a new profile rather than using your old profile.

  • PCI Vulnerability Reports LDAP NULL BIND ENABLED

    I’m running a PCI compliance report on a Windows 2008 R2 and the report fails.
    The error summary points to LDAP NULL BIND being enabled. I thought LDAP NULL BIND was disabled by default.
    How can I test for LDAP NULL BIND being disabled?
    How can I disable LDAP NULL BIND?
    Thanks for your help

    Please start by reading that: http://support.microsoft.com/kb/837964/en-us
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • W2003 DNS cache snooping vulnerability for PCI-DSS compliance.

    Hi everyone.
    How can I solve this security vulnerability reported by Nessus(security software) with W2003's DNS ?
    DNS Server Cache Snooping Remote Information Disclosure
    Synopsis:
    The remote DNS server is vulnerable to cache snooping attacks.
    Description:
    The remote DNS server responds to queries for third-party domains that do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of that financial institution.
    Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more. Note: If this is an internal DNS server not accessible to outside networks, attacks would be limited to the internal network. This may include employees, consultants and potentially users on a guest network or WiFi connection if supported.
    Risk factor:
    Medium
    CVSS Base Score:5.0
    CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
    See also:
    http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf
    Solution:
    Contact the vendor of the DNS software for a fix.
    Plugin output:
    Nessus sent a non-recursive query for example.com and received 1 answer : 192.0.43.10
    I have been searching for a solution on the web...but I was unable to find one that would let me use "recursion" on our DNS server.
    We have an internal DNS server for Active Directory, with forwarding to resolve external internet domains, as is a requirement of our application..but now the only way to fix this is to disable "recursion", and we are working with external IP addresses instead of internet DNS names..but this is not a good solution for us.
    I found something about splitting DNS functions, but my point is that we have all the servers, internal and DMZ, inside the same AD domain..so we need to use the same AD-integrated DNS server, notwithstanding that we must resolve external DNS records for our application...How can I do this without getting the same vulnerability again? I don't know how to do it with "recursion" disabled..If I disable recursion I will be unable to resolve external DNS names.
    Any suggestion will be really appreciated!!
    thx!!

    That's basically for your internet facing DNS. I wouldn't worry about it too much for internal DNS, since that's only hosting your internal AD zone.
    Other than setting the "Secure cache against pollution" setting, you can also opt to disable caching of all records so each and every query is a fresh query. This actually fixes CNAME vs A record TTL mismatch issues, too, not that you're probably seeing them or not, but just wanted to add that:
    Description of DNS registry entries in Windows 2000 Server, part 2 of 3 (applies to 2003, 2008 & 2008 R2)
    http://support.microsoft.com/kb/813964
    Cannot resolve names in certain top level domains like .co.uk.
    http://blogs.technet.com/b/sbs/archive/2009/01/29/cannot-resolve-names-in-certain-top-level-domains-like-co-uk.aspx
    ============
    To turn off or disable local cache: (Windows 2000 notes, but they apply to all current OS's)
    Set the MaxCacheTtl to 0 in the registry or use Dnscmd
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
       Value:     MaxCacheTtl
       Type:     DWORD
       Default:  NoKey (Cache for up to one day)
       Function: Set maximum caching TTL.
    MaxCacheTtl
    Type: DWORD
    Default value: 0x15180 (86,400 seconds = 1 day)
    Function: Determines how long the DNS server can save a record of a
    recursive name query.
    You can use the MaxCacheTtl registry entry to specify how long the DNS
    server can save a record of a recursive name query.
    If the value of the MaxCacheTtl entry is 0x0, the DNS server does not save
    any records.
    The DNS server saves the records of recursive name queries in a memory cache
    so that it can respond quickly to new queries for the same name. Records are
    deleted from the cache periodically to keep the cache content current. The
    interval when the records remain in the cache typically is determined by the
    value of the Time to Live (TTL) field in the record. The MaxCacheTtl entry
    establishes the maximum time that records can remain in the cache. The DNS
    server deletes records from the cache when the value of this entry expires,
    even if the value of the TTL field in the record is greater.
    Change method
    To change the value of the MaxCacheTtl entry, use Dnscmd.exe, a tool that is
    included with the Windows 2000 Support Tools. The change is effective
    immediately so that you do not have to restart the DNS server.
    Start method
    DNS reads its registry entries only when it starts. If you change the value
    of the MaxCacheTtl entry by editing the registry, the changes are not
    effective until you restart the DNS server.
    Note the following items:
    - Windows 2000 does not add the MaxCacheTtl entry
    to the registry. You can add it by editing the registry or by using a
    program that edits the registry.
    - The MaxCacheTtl entry does not affect Windows Internet Name Service
    (WINS) data that is saved in the DNS memory cache. WINS data is saved until
    the Cache Timeout Value on the WINS record expires. To view or change the
    Cache Timeout Value on the WINS record, use the DNS snap-in. Right-click a
    zone name, click Properties, click the WINS tab, and then click Advanced.
    ===============================
    Ace
    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
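
The two change methods described in the post above (Dnscmd, effective immediately, versus a registry edit that needs a DNS service restart), as an added PowerShell example that is not part of the original post. The function names `Get-MaxCacheTtl` and `Set-MaxCacheTtl` are hypothetical helpers; the example assumes an elevated session on the DNS server with `dnscmd.exe` available on the path.

```powershell
# Added example (not from the original post): audit and set the DNS server cache TTL cap.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name = 'MaxCacheTtl'
$defaultSeconds = 0x15180   # 86,400 seconds = 1 day, applies when the entry is absent

function Get-MaxCacheTtl {
    # The entry is not created by default, so a missing value means the default is in effect.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{ Seconds = $defaultSeconds; Source = 'default (no registry entry)' }
    }
    [pscustomobject]@{ Seconds = [int]$prop.$name; Source = 'registry' }
}

function Set-MaxCacheTtl {
    param(
        [Parameter(Mandatory)][ValidateRange(0, [int]::MaxValue)][int]$Seconds,
        [switch]$ViaRegistry   # registry edit instead of dnscmd
    )
    if ($Seconds -eq 0) {
        # 0x0 means the server saves no records of recursive queries at all.
        Write-Warning 'MaxCacheTtl = 0 disables caching of recursive query results.'
    }
    if ($ViaRegistry) {
        # DNS reads its registry entries only at start, so a restart is required.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Seconds -Force | Out-Null
        Restart-Service -Name DNS
    }
    else {
        # dnscmd applies the change immediately, no restart needed.
        & dnscmd.exe /Config /MaxCacheTtl $Seconds
        if ($LASTEXITCODE -ne 0) { throw "dnscmd failed with exit code $LASTEXITCODE" }
    }
}

# Usage (uncomment to run):
# Get-MaxCacheTtl                        # show the current cap and where it comes from
# Set-MaxCacheTtl -Seconds 3600          # cap cached records at one hour, effective immediately
# Set-MaxCacheTtl -Seconds 0 -ViaRegistry  # disable caching via registry, restarts the DNS service
```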

  • A third party app had crashed my iPad iOS and will not reset. It gives a pop up window and seems very fishy.

    I have a pop up window that says:
    http://ios-support.net
    The page at I-Pad support says:
    Warning IOS - crash Report
    Due to a third party application in your iPad, IOS crashed.
    Contact Support for an Immediate Fix
    I cannot reset anything, it seems extremely fishy and I'm locked up and can't do anything. Has anyone had this happen?
    <Post edited by Host>

    Do not call the number.
    Double tap the Home button, then swipe upwards on the Safari preview.
    Go to Settings - Safari - Clear History.
    Restart Safari.

  • Two iOS devices and a Snow Leopard Mac: trying to sync photos

    My wife’s tech support group, that would be me, is failing in attempts to find an easy way to sync her photos between iPhoto on her Snow Leopard Mac and her two iOS 5 devices using iCloud.
    The bottom line is how best to manage photos during a time all devices are not on iCloud.
    Two problems:
    1. She now has the two iOS devices reporting different numbers of pictures and slightly different albums. Shouldn't they be exactly the same?
    2. Is it better to have her sync her Snow Leopard Mac to the iOS devices using iTunes or iPhoto?
    Any basic tips appreciated. Including if this is not the correct Community for this post.
    Thank you.

    You are in the correct community for posting this question. Most people would never even think to ask. That's very thoughtful of you. Anyway .... to the point about syncing photos.
    I do not use Photo Stream and use iCloud for very little as well. I still sync with iTunes because that works for me and I am used to doing it that way. I am running Lion on my MacBook so I have everything I need for iCloud, but .... This is how I do it.
    Connect the iPad to the Mac and launch iTunes.
    Click on the iPad name on the left side under devices.
    Click on the Photos Tab on the right.
    Select iPhoto as the folder from which you want to sync.
    Click on all of the albums, events, faces, that you want to sync.
    Make sure that the Sync Photos heading is checked/selected.
    Click on Apply or Sync in the lower right corner of iTunes.
