Re: The revised DNS.EXE that was released in response to MS08-037
- From: "Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 13 May 2009 23:56:26 -0400
"W" <persistentone@xxxxxxxxxxxxxx> wrote in message news:P5qdnZfK--g5GZbXnZ2dnUVZ_tudnZ2d@xxxxxxxxxxxxxxx
Further reading suggests the 2500 UDP server ports that the DNS server is
setting up is a pool used only for *client* requests from the DNS server out
to other DNS servers. Is it correct?
Why would Microsoft need to pre-allocate UDP server ports in order to do UDP
client UDP requests?
--
W
It is a security update to prevent spoofing. Attackers know that normally, without the update, a random ephemeral response port (service port) is used, which is normally UDP 1024 and above. These are the response ports used by all Windows communications (not just DNS). An attacker may guess/randomize a port attack at DNS, attempting to gain access to create records by injecting their own commands. By reserving the ports, or creating this socket pool, it reduces the chance of a randomization attack, which attackers are using against Windows DNS.
Here's more info about it, how to test and see what memory is being used, and ways to disable or reduce the pool, if you feel it is interfering with other services.
======================================================================================================
======================================================================================================
The DNS patch
The DNS patch released in July 2008 reserves 2500 ephemeral UDP ports.
When you run a netstat -ab, it will display the 2500 UDP ports that have been reserved, but not necessarily in use. This is part of the increased memory consumption that you may see. I've noticed the following (your mileage may vary):
dns.exe        Before      After
Mem usage      9758K       36,232K
Peak Mem       10,208K     36,584K
Paged Pool     71K         798K
NP Pool        17K         4,833K
Handles        238         5,217
Threads        20          20
MS08-037: Description of the security update for DNS in Windows Server 2003,
in Windows XP, and in Windows 2000 Server (client side): July 8, 2008:
http://support.microsoft.com/?id=951748
MS08-037: Vulnerabilities in DNS could allow spoofing
http://support.microsoft.com/default.aspx/kb/953230
How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server
http://support.microsoft.com/kb/812873
You experience issues with UDP-dependent network services after you install DNS Server service security update 953230 (MS08-037)
http://support.microsoft.com/default.aspx/kb/956188
Some Services May Fail to Start or May Not Work Properly After Installing MS08-037 (951746 and 951748)
http://blogs.technet.com/sbs/archive/2008/07/17/some-services-may-fail-to-start-or-may-not-work-properly-after-installing-ms08-037-951746-and-951748.aspx
SBS Services failing after MS08-037 - KB951746 and 951748
http://msmvps.com/blogs/thenakedmvp/archive/2008/07/18/sbs-services-failing-after-ms08-037-kb951746-and-951748.aspx
======================================================================================================
======================================================================================================
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@xxxxxxxxxxxxxxxxxxxxxxx
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay
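As an added example (not part of Ace's post, and not a Microsoft tool), the following Python script automates the `netstat -ab` check described above: it groups UDP sockets by the owning image name and reports how many ports above the well-known range dns.exe is holding, compared against the 2500 the post says the socket pool reserves. The sample netstat output, the port numbers in it, and the function names are constructed assumptions; the layout assumed is the Windows XP/2003 style where the image name follows each socket line in square brackets.

```python
"""Count the UDP sockets each process holds in `netstat -ab` output.

Added example, not from the original post. The parser assumes the
Windows XP/2003 `netstat -ab` layout: one socket line per entry,
followed by a line holding the owning image name in square brackets.
"""
import re
from collections import defaultdict

# Constructed sample shaped like `netstat -ab` on Windows Server 2003.
# Only a handful of pool ports are shown; a real post-MS08-037 listing
# would show roughly 2500 UDP entries for dns.exe.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1320
  [dns.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  [svchost.exe]
  UDP    0.0.0.0:53             *:*                                    1320
  [dns.exe]
  UDP    0.0.0.0:1030           *:*                                    1320
  [dns.exe]
  UDP    0.0.0.0:1044           *:*                                    1320
  [dns.exe]
  UDP    0.0.0.0:2210           *:*                                    1320
  [dns.exe]
  UDP    0.0.0.0:3877           *:*                                    1320
  [dns.exe]
  UDP    0.0.0.0:4999           *:*                                    1320
  [dns.exe]
  UDP    0.0.0.0:123            *:*                                    1060
  [svchost.exe]
  UDP    0.0.0.0:500            *:*                                    760
  [lsass.exe]
"""

SOCKET_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)")
IMAGE_LINE = re.compile(r"^\s*\[(.+?)\]\s*$")


def udp_ports_by_process(netstat_text):
    """Return {image_name: sorted list of local UDP ports} from netstat -ab text.

    Socket lines are buffered until the bracketed image name that follows
    them is seen; entries with no image name are filed under 'unknown'.
    """
    result = defaultdict(list)
    pending = []  # UDP ports seen since the last image-name line
    for line in netstat_text.splitlines():
        m = SOCKET_LINE.match(line)
        if m:
            proto, local = m.group(1), m.group(2)
            if proto == "UDP":
                # rsplit handles IPv6 addresses such as [::]:53 as well
                pending.append(int(local.rsplit(":", 1)[1]))
            continue
        m = IMAGE_LINE.match(line)
        if m:
            result[m.group(1)].extend(pending)
            pending = []
    if pending:
        result["unknown"].extend(pending)
    return {name: sorted(ports) for name, ports in result.items()}


def socket_pool_report(ports, expected=2500, well_known_max=1023):
    """Summarise the ephemeral (above well-known range) UDP ports held.

    `expected` defaults to the 2500-port pool the post describes; pass a
    smaller value when checking a host where the pool was reduced.
    """
    pool = [p for p in ports if p > well_known_max]
    return {
        "pool_size": len(pool),
        "low": min(pool) if pool else None,
        "high": max(pool) if pool else None,
        "meets_expected": len(pool) >= expected,
    }


if __name__ == "__main__":
    # Real use: subprocess.run(["netstat", "-ab"], capture_output=True, text=True).stdout
    by_proc = udp_ports_by_process(SAMPLE_NETSTAT)
    for name, ports in sorted(by_proc.items()):
        print(f"{name:<14} UDP sockets: {len(ports)}")
    print("dns.exe pool:", socket_pool_report(by_proc.get("dns.exe", [])))
```

On a patched server the `dns.exe` pool count should sit near 2500; a much smaller number after the update suggests the pool was reduced or the service is not the one listening, and is worth checking against the KB articles above before assuming the protection is in place.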