All Mgrs Mtg-2008.08.06-ISO

ISO: DNS/IP Control - Dan Clawson & Andrew Reich Dan: Addressing the DNS vulnerabilities. Some scenarios are on the OIT wiki. http://wiki.it.utah.edu/confluence/x/ygASAQ ; (must have a wiki account and login to view) Scenario 1 (best): Please patch your own DNS servers and disable recursion, point your clients to somewhere that does allow recursion. Scenario 2. Let ISO know if you need to allow recursion - at least forward recursive queries to a patched server. Scenario 3. No patching and open recursion - this is not acceptable. Please contact ISO/Compliance to come up with an acceptable scenario. Today or tomorrow there will be full disclosure of the DNS vulnerabilities by Dan Kaminsky of BlackHat : http://www.doxpara.com/?p=1204 . Andrew: all our POC info is in the new IP Control tool now. We still need to do a lot of clean up. We also have all DNS data in the tool, and are doing some comparison checks now. There was a moratorium on host record changes through IP Alloc; we're thinking about opening up a window to allow necessary changes. Will open a window early next; Monday/Tues. Urgent requests: write an email to ipalloc@lists.utah.edu. The IP Control product patch is due out Friday; can't move forward any earlier than that.