Watch it: Multiple DNS implementations vulnerable to cache poisoning

Jens Ahlin mailing_lists+mailscanner at caleotech.com
Thu Jul 10 07:32:49 IST 2008


> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka at pacific.net> wrote:
>> This nice little tool was posted to the dns operations list.
>> Cut and paste this into your Linux or BSD (Mac) to check your configured
>> DNS resolver for cache poisoning vulnerability.
>>
>> dig +short porttest.dns-oarc.net TXT
>
> What's a good result supposed to look like?
>
> I understand that this is not good since it's classified as poor and
> comes from only one source port:
>
> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev
> 0.00"
>
> But why is this also classified as poor when all 44 queries come from new
> ports?
>
> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev
> 165.43"
>
> By the way, I don't know if server e.f.g.h is updated or not, I'm just
> curious about the result.
>
> --
> Emo Philips  - "I got some new underwear the other day. Well, new to me."

Hi,

Look in your named.conf and remove lines like:
query-source    port 53;
query-source-v6 port 53;

and run the test again. The directives above will force your DNS server to use
port 53, which is the source of this vulnerability.

      Jens
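The check Jens describes, as an added example that is not part of the original thread: a small audit of a BIND named.conf fragment that finds query-source / query-source-v6 directives pinning a fixed port and rewrites them so the resolver is free to pick its own source port. The named.conf text is constructed here; the regular expressions are an assumption about BIND's directive syntax (optional "address X" followed by "port N" or "port *").

```python
import re

# Constructed named.conf fragment containing the weak settings the reply says
# to remove: both directives pin the resolver's query source port to 53.
WEAK_NAMED_CONF = """\
options {
    directory "/var/named";
    query-source    port 53;
    query-source-v6 port 53;
    recursion yes;
};
"""

# One query-source or query-source-v6 statement per line, including its
# terminating ';' and newline so a removed directive leaves no blank line.
QUERY_SOURCE_RE = re.compile(
    r"^(?P<indent>[ \t]*)(?P<name>query-source(?:-v6)?)\b(?P<rest>[^;]*);[ \t]*\n?",
    re.MULTILINE)
# "port 53" pins the port; "port *" lets the server choose one (assumption).
PORT_RE = re.compile(r"\bport\s+(\*|\d+)")


def find_pinned_source_ports(conf_text):
    """Return (directive, port) for every query-source line fixing a port."""
    pinned = []
    for m in QUERY_SOURCE_RE.finditer(conf_text):
        p = PORT_RE.search(m.group("rest"))
        if p and p.group(1) != "*":
            pinned.append((m.group("name"), int(p.group(1))))
    return pinned


def unpin_source_ports(conf_text):
    """Strip the fixed port from query-source lines.

    A line that only set the port is removed entirely, as the reply suggests;
    a line that also carries an 'address' clause keeps that clause.
    """
    def fix(m):
        rest = PORT_RE.sub("", m.group("rest")).strip()
        if not rest:
            return ""
        return f"{m.group('indent')}{m.group('name')} {rest};\n"
    return QUERY_SOURCE_RE.sub(fix, conf_text)


if __name__ == "__main__":
    print("pinned:", find_pinned_source_ports(WEAK_NAMED_CONF))
    print(unpin_source_ports(WEAK_NAMED_CONF))
```

After rewriting the configuration and reloading named, rerun the dig test from the thread to confirm the resolver now answers from many different source ports.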

