If you're talking about securing Win2k against DNS Cache Poisoning, Read the following:
Preventing DNS Poisoning More important pieces of the architecture that must be protected are the DNS servers. All network clients query the DNS servers to locate servers that they need to communicate with. When attacking the DNS, a hacker can use DNS poisoning. For example, a hacker can use a variety of penetration techniques to overwrite the cache file of the DNS server with malicious information. As a result, when a user queries the production DNS, the user is forwarded to a bogus DNS server that the hacker controls and can use to damage the system. The following approaches can be used to prevent attacks on the DNS: * Using different DNS servers to resolve requests for the internal network and ensuring that these DNS servers do not respond to queries from outside computers. This is referred to as split-split DNS. * Using a read-only DNS that disallows any updates. * Securing the DNS database. The Internet Data Center architecture uses Active Directory security, and only secure DNS updates are allowed. * When using Microsoft DNS, enabling DNS cache poison protection in the advanced setting of the Microsoft DNS configuration. (you got all the doc on this url): http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutio ns/idc/rag/ragc05.asp <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsoluti ons/idc/rag/ragc05.asp> Hope it'll help :) Regards... -----Message d'origine----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Date: mercredi 2 juillet 2003 08:33 À: [EMAIL PROTECTED] Objet: [ISSForum] How to remove DNS_Poison from Windows 2000 Dear All, I have patch all the windows 2000 Server, but when the DNS transfer data between other DNS Windows 2000 Server, then the Network Sensor will detect that it is a DNS_Poison. Can somebody help me, I am new in ISS Product. Best Regards, Tony Wu _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
