
They're only attacking host-lookup, so you just have to worry about people who can connect to your service and are able to control the name server response. This means your network services that are internet-accessible. Everything else can wait for a maintenance window for the reboot.

  ~# netstat -lnp | grep -e "\(tcp.*LISTEN\|udp\)" | cut -d / -f 2- | sort -u
  cupsd          
  dnsmasq        
  httpd          
  nmbd           
  ntpd           
  qemu-kvm       
  rpc.portmap    
  rpc.statd      
  sendmail: acce 
  smbd           
  ssh           
  sshd



It doesn't have to be internet accessible, AFAIK. If an attacker can get something to do arbitrary DNS lookups, I think it can be attacked. For instance, monitoring/log correlation software might be vulnerable.


If you have backend systems parsing XML, then an XXE[1] attack could trigger a DNS lookup, for example.

[1]https://www.owasp.org/index.php/XML_External_Entity_%28XXE%2...


Ooh, that could lead to some very interesting attack vectors. :D


sudo netstat -lnp | awk -F/ '/LISTEN /{print $2}'



