| VID |
13020 |
| Severity |
10 |
| Port |
|
| Protocol |
ICMP |
| Class |
Protocol |
| Detailed Description |
The target host answered to an an ICMP domain name request and sent us its domain name. Described in RFC 1788, ICMP is also capable of transporting reverse DNS lookups. With this new protocol addition, it would be possible for hosts to directly reply with their own reverse DNS record, instead of having to rely on an (already crowded) DNS server. This protocol was never really converted to the application field, and is not used very often by resolver libraries. Thus, it is safe to discard this traffic on your perimeter router.
* References:
http://www.ietf.org/rfc/rfc1788.txt
http://www.dolda2000.com/~fredrik/icmp-dn/
* Platforms Affected:
Any operating system Any version |
| Recommendation |
If you do not use this feature, configure your firewall or filtering router to block the incoming ICMP domain name requests (37), and the outgoing ICMP domain name replies (38). |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
