Watch it: Multiple DNS implementations vulnerable to cache
poisoning
Scott Silva
ssilva at sgvwater.com
Thu Jul 10 18:41:27 IST 2008
on 7-9-2008 4:47 PM shuttlebox spake the following:
> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka at pacific.net> wrote:
>> This nice little tool was posted to the dns operations list.
>> Cut and paste this into your linux or BSD (Mac) to check your configured DNS
>> resolver for cache poisoning vulnerability.
>>
>> dig +short porttest.dns-oarc.net TXT
>
> What's a good result supposed to look like?
>
> I understand that this is not good since it's classified as poor and
> comes from only one source port:
>
> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00"
>
> But why is this also classified as poor when all 44 queries come from new ports?
>
> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43"
All my good tests have had a much larger standard deviation. You need more
randomness in your dns output.
>
> By the way, I don't know if server e.f.g.h is updated or not, I'm just
> curious about the result.
>
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/c37262e5/signature.bin
More information about the MailScanner
mailing list