Signature Detail
Short Name |
DNS:REQUEST:REVERSE-LOOKUP |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
DNS |
Keywords |
Reverse Name Lookup |
Release Date |
2004/11/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DNS: Reverse Name Lookup
This signature detects DNS reverse name lookup requests, which allow DNS clients to use a host IP address to retrieve the host domain name. DNS reverse name lookup requests are very common and should be considered as normal network traffic.
Extended Description
Microsoft ISA and Proxy Server are reportedly prone to a Web site spoofing vulnerability. Successful exploitation of this issue could allow a remote attacker to spoof a trusted Web site. If a connection were made to the spoofed Web site using SSL, the malicious site would not be able to spoof the certificate of the legitimate site. This would likely cause a warning message to appear to the user. Microsoft Small Business Server 2000 and 2003 include the affected software.
Affected Products
- Microsoft ISA Server 2000 FP1
- Microsoft ISA Server 2000 SP1
- Microsoft ISA Server 2000 SP2
- Microsoft ISA Server 2000
- Microsoft Proxy Server 2.0
- Microsoft Proxy Server 2.0 SP1
- Microsoft Small Business Server 2000
- Microsoft Small Business Server 2003
References
- BugTraq: 9792
- BugTraq: 11605
- CVE: CVE-2004-0171
- CVE: CVE-2004-0892
- URL: http://www.faqs.org/rfcs/rfc1035.html