North American Network Operators Group


Re: Multiple DNS implementations vulnerable to cache poisoning

  • From: Jean-François Mezei
  • Date: Wed Jul 09 04:40:10 2008

Michael C. Toren wrote:

>         bash$ ./noclicky 68.87.76.181 
>         Looking up r14z2k52m6uj.toorrr.com against 68.87.76.181
>         Fetching http://209.200.168.66/fprint/r14z2k52m6uj
>         Requests seen for r14z2k52m6uj.toorrr.com:
>           68.87.76.181:17244 TXID=23113
>           68.87.76.181:17219 TXID=31336
>           68.87.76.181:17270 TXID=1613
>           68.87.76.181:16987 TXID=22846
>           68.87.76.181:16974 TXID=24013
>         Your nameserver appears to be safe
> 

Thanks for the explanation. I used Wireshark to capture the DNS traffic
from my server to the outside world while running the doxpara.com test.

My DNS server made the various DNS requests from the same port and is
thus vulnerable. (VMS TCPIP Services so no patches expected).
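
The check discussed in this thread (does a resolver vary its source port and TXID from one query to the next?), as an added example that is not part of the original messages or of the noclicky tool. It parses lines in the `ip:port TXID=n` format quoted above; the function names, verdict labels and the `192.0.2.x` samples are constructed for illustration.

```python
import re

# Lines in the format printed by the quoted test: "ip:port TXID=n"
LINE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})")

# Query lines copied from the quoted output in this thread.
PAGE_SAMPLE = """\
68.87.76.181:17244 TXID=23113
68.87.76.181:17219 TXID=31336
68.87.76.181:17270 TXID=1613
68.87.76.181:16987 TXID=22846
68.87.76.181:16974 TXID=24013
"""
# Constructed samples (not from the page): one fixed port, one counting upward.
FIXED_SAMPLE = "\n".join(f"192.0.2.53:1025 TXID={t}" for t in (511, 40212, 7, 29930))
SEQ_SAMPLE = "\n".join(f"192.0.2.54:{2001 + i} TXID={t}" for i, t in enumerate((9, 52000, 313)))

def parse_queries(text):
    """Return (resolver_ip, source_port, txid) tuples in the order observed."""
    return [(ip, int(port), int(txid)) for ip, port, txid in LINE.findall(text)]

def assess(queries, min_samples=3):
    """Summarize per-resolver source-port and TXID variation."""
    report = {}
    for ip in sorted({q[0] for q in queries}):
        ports = [p for i, p, _ in queries if i == ip]
        txids = [t for i, _, t in queries if i == ip]
        if len(ports) < min_samples:
            verdict = "insufficient-data"        # too few queries to judge
        elif len(set(ports)) == 1:
            verdict = "fixed-source-port"        # only the 16-bit TXID varies
        elif all(b - a == 1 for a, b in zip(ports, ports[1:])):
            verdict = "sequential-source-port"   # varies, but predictably
        else:
            verdict = "varying-source-port"
        report[ip] = {
            "verdict": verdict,
            "distinct_ports": len(set(ports)),
            "port_span": max(ports) - min(ports),
            "distinct_txids": len(set(txids)),
        }
    return report

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, FIXED_SAMPLE, SEQ_SAMPLE):
        for ip, row in assess(parse_queries(sample)).items():
            print(ip, row)
```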