Educause Security Discussion mailing list archives

Re: regarding the critical DNS protocol vulnerability


From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Fri, 11 Jul 2008 15:39:59 +1200


On 11/07/2008, at 2:30 AM, Doug Pearson wrote:
> Wednesday, 2008-07-09:
>
> Regarding ability to use the Doxpara tool in an automated fashion:
>
> Someone on NANOG came up with a Perl wrapper that can be directed
> at a specified DNS server.
>
> http://mailman.nanog.org/pipermail/nanog/2008-July/001966.html

I have hacked this script so it reads output from nmap -oG (see the
comment at the start of the script). Nmap found nearly 100 addresses
responding on TCP 53 but only a small fraction of these appear to be
running name servers. Most timed out when the script tried to make
queries to them. This slows things down enormously as the timeout is
a couple of minutes so the script took an hour or so to run.

The good news is that nearly all of our name servers are now fixed and
there are a few more that will be rebooted over the weekend.

Russell


Attachment: noclicky-1.00.pl
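
The workflow described in the message above, sketched as an added example (it is not the attached noclicky script or any code from the thread): read `nmap -oG` output, keep hosts with TCP 53 open, and send one DNS query with a short timeout so that hosts which accept connections but are not name servers are dropped quickly. The function names, the sample scan lines, the 3-second timeout and the `example.com` query name are all assumptions made for illustration.

```python
import socket
import struct

# Constructed sample of `nmap -oG` output (documentation addresses, not real scan data).
SAMPLE_OG = (
    "# constructed grepable scan output\n"
    "Host: 192.0.2.10 (ns1.example.edu)\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///\n"
    "Host: 192.0.2.20 ()\tPorts: 53/filtered/tcp//domain///\n"
    "Host: 192.0.2.30 ()\tPorts: 53/open/tcp//domain///\tIgnored State: closed (99)\n"
    "Host: 192.0.2.40 ()\tStatus: Up\n"
)

def hosts_with_tcp53(grepable):
    """Addresses whose Ports field contains 53/open/tcp."""
    hosts = []
    for line in grepable.splitlines():
        # Grepable lines are tab-separated "Key: value" fields.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Host" not in fields:
            continue
        ports = [p.strip().split("/")[:3] for p in fields.get("Ports", "").split(",")]
        if ["53", "open", "tcp"] in ports:
            hosts.append(fields["Host"].split()[0])
    return hosts

def build_query(qid, name="example.com"):
    """Minimal DNS query: header (RD set, one question), QNAME, QTYPE=A, QCLASS=IN."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def is_dns_reply(data, qid):
    """True if data holds a full DNS header with the same ID and the QR (response) bit set."""
    return len(data) >= 12 and data[:2] == struct.pack(">H", qid) and bool(data[2] & 0x80)

def answers_dns(host, timeout=3.0, qid=0x1234):
    """One query over TCP 53 with a short timeout; any failure means 'not a name server'."""
    query = build_query(qid)
    try:
        with socket.create_connection((host, 53), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)  # TCP DNS: 2-byte length prefix
            reply = s.makefile("rb").read(14)  # length prefix + 12-byte DNS header
            return is_dns_reply(reply[2:], qid)
    except OSError:  # refused, reset, or timed out
        return False

if __name__ == "__main__":
    for h in hosts_with_tcp53(SAMPLE_OG):
        print(h, "name server" if answers_dns(h) else "no DNS answer")
```

Only the hosts for which `answers_dns` returns True need to be passed on to the slower per-server check.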