North American Network Operators Group


Re: Multiple DNS implementations vulnerable to cache poisoning

  • From: Brian Keefer
  • Date: Fri Jul 25 05:29:55 2008

On Jul 11, 2008, at 7:58 AM, Tuc at T-B-O-H.NET wrote:

Reading through the JavaScript that drives <http://www.doxpara.com/>,
it appears to be pretty easy to write a non-AJAX client to query Dan's
service. I threw one together in perl, named "noclicky", that allows you
to use Dan's service against any nameserver specified on the command line.
You can download a copy from <http://michael.toren.net/code/noclicky/>.


It looks like Dan changed what it returns, and noclicky 1.00 gets
confused. You can fix this, at least until MCT comes out with a new version,
by putting:

my $date = shift @data;

before the line:

print "Requests seen for $domain:\n";


Tuc/TBOH



Sorry to necro this, but the original version will lead to a false sense of security and people might be finding it in the archives...


--- noclicky-1.00.pl    Fri Jul 25 02:02:16 2008
+++ noclicky-1.01.pl    Fri Jul 25 02:11:18 2008
@@ -64,10 +64,12 @@
 my %ports;
 for my $data (@data)
 {
-    chomp($data);
-    my ($ip, $port, $txid) = split "-", $data;
-    print "  $ip:$port TXID=$txid\n";
-    $ports{$port} = 1;
+    if ($data =~ /^[1-9]/) {
+        chomp($data);
+        my ($ip, $port, $txid) = split "-", $data;
+        print "  $ip:$port TXID=$txid\n";
+        $ports{$port} = 1;
+    }
 }
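Review bot: the `if ($data =~ /^[1-9]/)` guard keys only on the first character, so it accepts any line that begins with a non-zero digit and silently drops everything else. A non-record line that happens to start with a digit (a numeric date, for instance) would still reach `split "-"` and yield a bogus `$ip:$port` entry, while a future format change that nothing matches would leave `%ports` empty with no sign that parsing failed, which is the same false-sense-of-security outcome this patch is meant to close. Matching the whole `ip-port-txid` shape and warning on the remainder is safer, e.g. `if (my ($ip, $port, $txid) = $data =~ /^(\d+\.\d+\.\d+\.\d+)-(\d+)-(\d+)$/) { ... } else { warn "unparsed line: $data\n"; }`, and the caller should treat an empty `%ports` as "no result" rather than "no problem". Minor: `chomp($data)` can move back above the `if` so the match always sees the trimmed line.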

Thanks to Michael for the tool, though!

Brian Keefer
Sr. Systems Engineer
www.Proofpoint.com
"Defend email.  Protect data."
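As an added example (not part of this thread and not noclicky's own code; written in Python rather than Perl so it runs stand-alone), the following parses the `ip-port-txid` records the tool splits on, keeps a list of every line it could not parse instead of dropping them silently, and refuses to report a verdict when nothing parsed, which is the failure mode the patch above is about. The exact record syntax and the leading date line are assumptions reconstructed from the script fragments quoted in the thread, the two sample responses are constructed, and the verdict rule is a simple heuristic of this example, not Dan's scoring.

```python
"""Parse doxpara-style 'ip-port-txid' records and assess source-port variety."""
import re

# Shape of one record as noclicky splits it: "ip-port-txid". The exact syntax
# is an assumption reconstructed from the script's split "-" and its print line.
RECORD_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,5})-(\d{1,5})$")

# Constructed sample responses (not captured from the real service). The first
# line stands in for the date line that noclicky 1.00 choked on.
SAMPLE_FIXED_PORT = [
    "Fri Jul 25 02:11:18 2008\n",
    "192.0.2.10-53-41235\n",
    "192.0.2.10-53-9921\n",
    "192.0.2.10-53-60017\n",
    "192.0.2.10-53-2\n",
    "192.0.2.10-53-31337\n",
]
SAMPLE_RANDOM_PORT = [
    "Fri Jul 25 02:11:18 2008\n",
    "192.0.2.10-40212-41235\n",
    "192.0.2.10-61098-9921\n",
    "192.0.2.10-1025-60017\n",
    "192.0.2.10-53411-2\n",
    "192.0.2.10-29875-31337\n",
]


def parse_records(lines):
    """Split raw response lines into (records, skipped).

    records: list of (ip, port, txid); skipped: lines that did not match the
    record shape or carried out-of-range values. Nothing is dropped silently.
    """
    records, skipped = [], []
    for raw in lines:
        line = raw.strip()
        m = RECORD_RE.match(line)
        if m is None:
            skipped.append(line)
            continue
        ip, port, txid = m.group(1), int(m.group(2)), int(m.group(3))
        octets_ok = all(int(o) <= 255 for o in ip.split("."))
        if not octets_ok or not 0 < port <= 65535 or txid > 65535:
            skipped.append(line)
            continue
        records.append((ip, port, txid))
    return records, skipped


def assess(records):
    """Summarise what the records say about the resolver's source ports.

    Verdict heuristic (an assumption of this example): "no-data" when nothing
    parsed, "fixed-port" when two or more queries all left from the same port,
    otherwise "ports-vary". "no-data" is deliberately not reported as safe.
    """
    summary = {"queries": len(records), "distinct_ports": 0, "distinct_txids": 0}
    if not records:
        summary["verdict"] = "no-data"
        return summary
    summary["distinct_ports"] = len({port for _, port, _ in records})
    summary["distinct_txids"] = len({txid for _, _, txid in records})
    if len(records) >= 2 and summary["distinct_ports"] == 1:
        summary["verdict"] = "fixed-port"
    else:
        summary["verdict"] = "ports-vary"
    return summary


def report(lines):
    """Parse a response and return the summary plus the count of skipped lines."""
    records, skipped = parse_records(lines)
    summary = assess(records)
    summary["skipped_lines"] = len(skipped)
    return summary


if __name__ == "__main__":
    for name, sample in (("fixed", SAMPLE_FIXED_PORT), ("random", SAMPLE_RANDOM_PORT)):
        print(name, report(sample))
    # A response nothing in which parses must come back as "no-data", never as clean.
    print("empty", report(["not a record at all"]))
```

The skipped-line count is returned alongside the verdict so a caller can notice when the service's output shape drifts again: a run that reports zero queries and several skipped lines is a parser problem, not a clean resolver.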