Comments on: Breaking: Now Patch Your Firewalls Because the DNS Patch Won’t Work With Leading Firewalls http://broaddev.com/2008/07/29/breaking-firewalls-wont-work-with-the-patch-cisco-firewalls-affected/ Tue, 16 Mar 2010 12:09:54 +0000 http://wordpress.org/?v=2.5.1 By: BroadDev - Unified Communications, Virtualization, Security, and Web 2.0 » Timeline of DNS Story - It’s Getting Out of Hand - Ok - So What’s the Solution http://broaddev.com/2008/07/29/breaking-firewalls-wont-work-with-the-patch-cisco-firewalls-affected/#comment-381 BroadDev - Unified Communications, Virtualization, Security, and Web 2.0 » Timeline of DNS Story - It’s Getting Out of Hand - Ok - So What’s the Solution Thu, 07 Aug 2008 18:53:55 +0000 http://broaddev.com/?p=117#comment-381 [...] July 29, 2008 - Breaking News:  Now Patch Your Firewalls Because the DSN Patch Won’t Work Wit... [...] [...] July 29, 2008 - Breaking News:  Now Patch Your Firewalls Because the DSN Patch Won’t Work Wit… [...]

]]> By: BroadDev - Unified Communications, Virtualization, Security, and Web 2.0 » Kaminsky’s DNS Exploit Exposes Internet Core Challenge http://broaddev.com/2008/07/29/breaking-firewalls-wont-work-with-the-patch-cisco-firewalls-affected/#comment-355 BroadDev - Unified Communications, Virtualization, Security, and Web 2.0 » Kaminsky’s DNS Exploit Exposes Internet Core Challenge Fri, 01 Aug 2008 01:41:42 +0000 http://broaddev.com/?p=117#comment-355 [...] the story gets worse. Recent news suggests that firewalls may have been impacted, including those widely deployed to protect servers. Compatibility issues between the DNS vulnerability patch and firewalls have [...] [...] the story gets worse. Recent news suggests that firewalls may have been impacted, including those widely deployed to protect servers. Compatibility issues between the DNS vulnerability patch and firewalls have [...]

]]> By: Kaminsky’s DNS Exploit Exposes the Internet’s Core Challenge « ARCHIMEDIUS http://broaddev.com/2008/07/29/breaking-firewalls-wont-work-with-the-patch-cisco-firewalls-affected/#comment-354 Kaminsky’s DNS Exploit Exposes the Internet’s Core Challenge « ARCHIMEDIUS Thu, 31 Jul 2008 19:42:23 +0000 http://broaddev.com/?p=117#comment-354 [...] the story gets worse.  Recent news suggests that firewalls may have been impacted, including those widely deployed to protect servers.  Compatibility issues between the DNS vulnerability patch and firewalls have [...] [...] the story gets worse.  Recent news suggests that firewalls may have been impacted, including those widely deployed to protect servers.  Compatibility issues between the DNS vulnerability patch and firewalls have [...]

]]> By: BroadDev - Unified Communications, Virtualization, Security, and Web 2.0 » DNS SUCKS - Ok I Said It - Now What - Talk to Trusted Sources Until PAT mode is Fixed http://broaddev.com/2008/07/29/breaking-firewalls-wont-work-with-the-patch-cisco-firewalls-affected/#comment-352 BroadDev - Unified Communications, Virtualization, Security, and Web 2.0 » DNS SUCKS - Ok I Said It - Now What - Talk to Trusted Sources Until PAT mode is Fixed Wed, 30 Jul 2008 22:19:13 +0000 http://broaddev.com/?p=117#comment-352 [...] I blogged yesterday that Cisco firewalls were affected and rendered the DNS patch useless. Well that was true BUT it’s not just Cisco - it’s everyone. There is a bigger picture. DNS sucks. There is too much legacy and critical infrastructure that is more important then some sort of url rewrite and a hacking of a 16 bit port translation (or PAT - Port Address Translation).  It’s called ‘industrial strength’ software.  Companies like Infoblox and Nominum have growing businesses because they took DNS and scaled it with security.  Can vendors do more with it or has it reached it’s peak?  Either way this DNS shit is a problem for IT and network operators.   It seem like they are chasing too many holes out there.  Is it time to rip and replace.  I’ll keep my official opinion to myself. [...] [...] I blogged yesterday that Cisco firewalls were affected and rendered the DNS patch useless. Well that was true BUT it’s not just Cisco - it’s everyone. There is a bigger picture. DNS sucks. There is too much legacy and critical infrastructure that is more important then some sort of url rewrite and a hacking of a 16 bit port translation (or PAT - Port Address Translation).  It’s called ‘industrial strength’ software.  Companies like Infoblox and Nominum have growing businesses because they took DNS and scaled it with security.  Can vendors do more with it or has it reached it’s peak?  Either way this DNS shit is a problem for IT and network operators.   It seem like they are chasing too many holes out there.  Is it time to rip and replace.  I’ll keep my official opinion to myself. [...]

]]> By: Jimmy http://broaddev.com/2008/07/29/breaking-firewalls-wont-work-with-the-patch-cisco-firewalls-affected/#comment-345 Jimmy Wed, 30 Jul 2008 01:44:10 +0000 http://broaddev.com/?p=117#comment-345 John Thanks for posting this. Not many people understand that this is a big problem. Patches are great but knowing the implementation consequences is important. Nomimum has a great solution to this. Looking forward to hearing more about how this develops John
Thanks for posting this. Not many people understand that this is a big problem. Patches are great but knowing the implementation consequences is important. Nomimum has a great solution to this.

Looking forward to hearing more about how this develops

]]>