Watch it: Multiple DNS implementations vulnerable to cache
poisoning
Peter Farrow
peter at farrows.org
Thu Jul 10 09:00:49 IST 2008
horizontal ruler
Jens Ahlin wrote:
>> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka at pacific.net> wrote:
>>
>>> This nice little tool was posted to the dns operations list.
>>> Cut and paste this into your linux or BSD (Mac) to check your configured
>>> DNS
>>> resolver for cache poisoning vulnerability.
>>>
>>> dig +short porttest.dns-oarc.net TXT
>>>
>> What's a good result supposed to look like?
>>
>> I understand that this is not good since it's classified as poor and
>> comes from only one source port:
>>
>> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev
>> 0.00"
>>
>> But why is this also classified as poor when all 44 queries come from new
>> ports?
>>
>> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev
>> 165.43"
>>
>> By the way, I don't know if server e.f.g.h is updated or not, I'm just
>> curious about the result.
>>
>> --
>> Emo Philips - "I got some new underwear the other day. Well, new to me."
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> Hi,
>
> Look in your named.conf and remove lines like:
> query-source port 53;
> query-source-v6 port 53;
>
> and run the test again. The directive above will force your dns to use
> port 53 which is the source of this vulnerability.
>
> Jens
>
Just for the record my DNS server returned:
dig +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"212.21.120.10 is GOOD: 26 queries in 4.5 seconds from 26 ports with std
dev 19299.85"
But I patched it yesterday...
P.
--
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk
-------------- next part --------------
Skipped content of type multipart/related
More information about the MailScanner
mailing list