Hacker News new | past | comments | ask | show | jobs | submit login

It doesn't have to be internet accessible, AFAIK. If an attacker can get something to do arbitrary DNS lookups, I think it can be attacked. For instance, monitoring/log correlation software might be vulnerable.



If you have backend systems parsing XML, then an XXE[1] attack could trigger a DNS lookup, for example.

[1]https://www.owasp.org/index.php/XML_External_Entity_%28XXE%2...


Ooh, that could lead to some very interesting attack vectors. :D




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: