large organization nameservers sending icmp packets to dns servers.

I suspect that the origin of the myth that DNS/TCP is more
  dangerous than DNS/UDP is that the first root exploit of
  named was over TCP not UDP. There were later exploits that
  were UDP only which totally busted the myth but it continues
  to live.

  Mark

In article <200708100143.l7A1hNSY034263@drugs.dv.isc.org> you write:

I suspect that the origin of the myth that DNS/TCP is more
dangerous than DNS/UDP is that the first root exploit of
named was over TCP not UDP. There were later exploits that
were UDP only which totally busted the myth but it continues
to live.

Mark

  Just to make it clear. This was BIND 4/8 code and the bugs
  were addressed in the last millennium.

  To date there are no known root exploits for BIND 9.

  Mark

Because who runs BIND as root anymore?