Watch it: Multiple DNS implementations vulnerable to cache poisoning
Ken A
ka at pacific.net
Thu Jul 10 02:54:53 IST 2008
shuttlebox wrote:
> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka at pacific.net> wrote:
>> This nice little tool was posted to the dns operations list.
>> Cut and paste this into your linux or BSD (Mac) to check your configured DNS
>> resolver for cache poisoning vulnerability.
>>
>> dig +short porttest.dns-oarc.net TXT
>
> What's a good result supposed to look like?
>
# dig +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.106.118.3 is GOOD: 26 queries in 0.2 seconds from 26 ports with std dev 17159.50"
> I understand that this is not good since it's classified as poor and
> comes from only one source port:
>
> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00"
>
> But why is this also classified as poor when all 44 queries come from new ports?
>
They are probably not random enough. You can look at them with netstat
or lsof -i.
Ken
> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43"
>
> By the way, I don't know if server e.f.g.h is updated or not, I'm just
> curious about the result.
>
--
Ken Anderson
Pacific.Net
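The porttest answer quoted above reports three things: how many queries were seen, how many distinct source ports they came from, and the standard deviation of those port numbers. Ken's point is that the second number alone is not enough: 44 distinct ports that march upward one at a time still have a tiny standard deviation, so an off-path attacker has little to guess. The script below is an added illustration, not part of this thread and not DNS-OARC's code; it parses the TXT answer format shown in the thread and computes the same distinct-port count and standard deviation from a list of observed source ports (as you might collect with netstat or lsof -i). The GOOD/POOR thresholds in rate_ports are assumptions chosen for the demonstration, not DNS-OARC's published cut-offs.

```python
import re
import statistics

# Matches the porttest TXT answer seen in the thread, e.g.
# "208.106.118.3 is GOOD: 26 queries in 0.2 seconds from 26 ports with std dev 17159.50"
# "std\s*dev" tolerates the line wrap that mail clients insert.
PORTTEST_RE = re.compile(
    r'^(?P<ip>\S+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in '
    r'(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports with '
    r'std\s*dev (?P<stddev>[\d.]+)$'
)


def parse_porttest(txt):
    """Parse one porttest TXT record into a dict of typed fields."""
    m = PORTTEST_RE.match(txt.strip().strip('"'))
    if not m:
        raise ValueError("unrecognised porttest answer: %r" % txt)
    d = m.groupdict()
    return {
        "ip": d["ip"],
        "rating": d["rating"],
        "queries": int(d["queries"]),
        "seconds": float(d["seconds"]),
        "ports": int(d["ports"]),
        "stddev": float(d["stddev"]),
    }


def port_stats(ports):
    """Distinct source-port count and population std dev of a port sample."""
    return len(set(ports)), statistics.pstdev(ports)


# Assumed thresholds (hypothetical, not DNS-OARC's): a resolver is POOR if it
# reuses one port or if its ports are too clustered to be hard to guess.
GOOD_STDDEV = 10000.0


def rate_ports(ports, good_stddev=GOOD_STDDEV):
    """Rate a sample of observed source ports the way the porttest output does."""
    distinct, sd = port_stats(ports)
    if distinct <= 1 or sd < good_stddev:
        return "POOR", distinct, sd
    return "GOOD", distinct, sd


# Constructed samples, not captured traffic:
# a resolver pinned to one port (the a.b.c.d case in the thread),
SINGLE_PORT = [53] * 26
# a resolver that increments its port per query (many ports, low std dev,
# like the e.f.g.h case),
SEQUENTIAL_PORTS = [30000 + i for i in range(44)]
# and a resolver whose ports are spread over the ephemeral range.
SPREAD_PORTS = [1024, 65535, 32000, 5000, 60000, 12000, 45000, 20000]


if __name__ == "__main__":
    rec = parse_porttest(
        '"208.106.118.3 is GOOD: 26 queries in 0.2 seconds from 26 ports with std dev 17159.50"'
    )
    print(rec)
    for name, sample in (("single", SINGLE_PORT),
                         ("sequential", SEQUENTIAL_PORTS),
                         ("spread", SPREAD_PORTS)):
        rating, distinct, sd = rate_ports(sample)
        print("%-10s %s: %d ports, std dev %.2f" % (name, rating, distinct, sd))
```

The sequential sample is the instructive one: every query uses a new port, so "44 ports" looks healthy, yet the population standard deviation of 44 consecutive integers is only about 12.7, which is why a resolver like that still earns POOR.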
More information about the MailScanner mailing list