Watch it: Multiple DNS implementations vulnerable to
cachepoisoning
Rick Cooper
rcooper at dwford.com
Thu Jul 10 04:36:50 IST 2008
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On
> Behalf Of shuttlebox
> Sent: Wednesday, July 09, 2008 7:48 PM
> To: MailScanner discussion
> Subject: Re: Watch it: Multiple DNS implementations
> vulnerable to cachepoisoning
>
> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka at pacific.net> wrote:
> > This nice little tool was posted to the dns operations list.
> > Cut and paste this into your linux or BSD (Mac) to check your configured DNS
> > resolver for cache poisoning vulnerability.
> >
> > dig +short porttest.dns-oarc.net TXT
>
> What's a good result supposed to look like?
>
> I understand that this is not good since it's classified as poor and
> comes from only one source port:
>
> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports
> with std dev 0.00"
>
> But why is this also classified as poor when all 44 queries
> come from new ports?
>
> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports
> with std dev 165.43"
>
> By the way, I don't know if server e.f.g.h is updated or not, I'm just
> curious about the result.
>
Look at the standard deviation on yours above, then look at this one:
is GOOD: 26 queries in 1.6 seconds from 26 ports with std dev 19681.46
Huge difference, and it would be virtually impossible to "guess".
Rick
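Added example, not part of the thread: it recomputes the two numbers those porttest lines report (distinct source ports and their standard deviation) over three constructed port samples, so the difference between "44 ports with std dev 165" and "26 ports with std dev 19681" can be seen arithmetically. The 25%-of-ideal cut in assess() is an assumption of this example; porttest's own thresholds are not stated on the page.

```python
"""Source-port randomisation check (constructed example, not porttest's code).

porttest.dns-oarc.net reports how many distinct UDP source ports N queries
used and the standard deviation of those port numbers. A resolver that uses
a fresh port per query can still be predictable if the ports climb in a
fixed stride: many distinct ports, but a tiny std dev. Truly random ports
in 1024-65535 have a std dev near (65535-1024)/sqrt(12), about 18622,
which is the scale of the GOOD line quoted above.
"""
import math
import random
from statistics import pstdev

PORT_LOW, PORT_HIGH = 1024, 65535
# Std dev of a uniform distribution on [a, b] is (b - a) / sqrt(12).
IDEAL_STDDEV = (PORT_HIGH - PORT_LOW) / math.sqrt(12)   # ~18622


def port_stats(ports):
    """Return (queries, distinct_ports, stddev), the porttest figures."""
    return len(ports), len(set(ports)), pstdev(ports)


def assess(ports):
    """'fixed': one port for every query.
    'sequential': many ports but clustered (predictable increment).
    'random': spread comparable to uniform random ports.
    The 25% cut is this example's assumption, not porttest's rule."""
    n, distinct, sd = port_stats(ports)
    if distinct == 1:
        return "fixed"
    if sd < 0.25 * IDEAL_STDDEV:
        return "sequential"
    return "random"


# Constructed samples standing in for three resolvers.
FIXED_RESOLVER = [33427] * 26                              # one port, std dev 0
SEQUENTIAL_RESOLVER = [40000 + 13 * i for i in range(44)]  # 44 ports, stride 13, std dev ~165
_rng = random.Random(7)
RANDOM_RESOLVER = [_rng.randint(PORT_LOW, PORT_HIGH) for _ in range(26)]

if __name__ == "__main__":
    for name, ports in (("fixed", FIXED_RESOLVER),
                        ("sequential", SEQUENTIAL_RESOLVER),
                        ("random", RANDOM_RESOLVER)):
        n, d, sd = port_stats(ports)
        print(f"{name}: {n} queries from {d} ports with std dev {sd:.2f} -> {assess(ports)}")
```

The stride-13 sample lands at a std dev of about 165 despite 44 distinct ports, which is why a "new port every query" result can still be classified as poor.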