Nmap Development mailing list archives

[UPDATED] [SCRIPT] Check DNS server against porttest, txidtest (CVE-2008-1447)


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 28 Jul 2008 21:20:07 +0000

Okay so hopefully this is the last email I have to burden you all with
on this subject :-)

I spoke to Duane and he's okay with us advertising/including this
script that checks against porttest.dns-oarc.net (I included Duane's
email below.)

He also set up txidtest.dns-oarc.net to check the relative randomness of
transaction IDs.

In setting these two services up, he changed the format slightly so that
they match up (GREAT, GOOD, POOR, UNKNOWN) with the web service
(https://www.dns-oarc.net/oarc/services/dnsentropy) he's set up.

I had to change the offsets in the parsing routine to make the scripts
grab the fields correctly.  These scripts could really benefit from a
real DNS parsing library (or just unpack()...).

So attached are two scripts, the first queries porttest and the second
txidtest.  I would like to use just one script.  It seems 'hard' though
to send two packets on a socket and then do a select() on that socket
in Lua.  If someone wants to combine these scripts I'm all for it.

I have changed the licensing information and headers in the scripts to
reflect my correspondence with Duane.

Brandon


Duane's response follows:
===
Hi Brandon,

So what I'm really asking is three-fold:

* Are you open to public advertisement of this script, especially at
Fyodor's Black Hat talk?  

yes.



* How long do you plan on running porttest?  

Obviously the service is valuable to the community so OARC will continue
to run it as long as OARC exists (and probably even for a while 
after that).  In other words, we have no plans to stop running it.

* Are you open to this script being included in the Nmap package, and
maybe even potentially on by default?  

yes

If you have documentation that refers to porttest please include this URL
if possible:  https://www.dns-oarc.net/oarc/services/porttest

Also note that I just finished modifying it so that you can also examine
transaction ID behavior:

     dig +short txidtest.dns-oarc.net txt

Duane W.

Attachment: dns-safe-recursion-port.nse
Description:

Attachment: dns-safe-recursion-txid.nse
Description:
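
The message notes that the scripts read the reply at fixed offsets, which had to be adjusted when the service's format changed. As an added example (not part of the original message or the attached NSE scripts, and written in Python rather than Lua), this sketch walks the DNS answer section record by record and pulls the rating word out of the TXT data. The function names, the constructed sample reply and its TXT wording are assumptions; only the four rating words come from the e-mail.

```python
import re
import struct

RATINGS = ("GREAT", "GOOD", "POOR", "UNKNOWN")   # result words named in the e-mail

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:    # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:              # root label ends the name
            return off + 1
        off += 1 + length

def txt_strings(msg):
    """Collect every TXT character-string in the answer section of a reply."""
    _id, _flags, qdcount, ancount = struct.unpack_from("!HHHH", msg, 0)
    off, found = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        if end > len(msg):
            raise ValueError("record runs past end of message")
        while rtype == 16 and off < end:         # TXT: length-prefixed strings
            found.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace"))
            off += 1 + msg[off]
        off = end                                # other types (e.g. CNAME) skipped
    return found

def rating(msg):
    """Return the first rating word found in the TXT data, else UNKNOWN."""
    m = re.search(r"\b(%s)\b" % "|".join(RATINGS), " ".join(txt_strings(msg)))
    return m.group(1) if m else "UNKNOWN"

def sample_reply():
    """Constructed reply: one question, a CNAME answer, then a TXT answer."""
    qname = b"\x08porttest\x08dns-oarc\x03net\x00"
    txt = b"192.0.2.53 is POOR: constructed sample text"   # wording is assumed
    fixed = lambda rtype, rdata: struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
            + qname + struct.pack("!HH", 16, 1)
            + b"\xc0\x0c" + fixed(5, b"\x01x\xc0\x0c")      # CNAME x.<qname>
            + b"\xc0\x33" + fixed(16, bytes([len(txt)]) + txt))

if __name__ == "__main__":
    print(rating(sample_reply()), txt_strings(sample_reply()))
```

Because each record is skipped by its own RDLENGTH, an extra CNAME in front of the TXT answer or a longer TXT string does not shift the result.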

