DNS cache poisoning difficulty

[hdm at metasploit.com (H D Moore)]

With your setup, the exploits won't work. You could modify the exploit 
locally, remove the authoritative checks, and hardcode barbs = 
[ "ip1", "ip2", "ip3"]. Alternatively, add a new option to specify the 
list of nameservers to spoof and submit the patch :-)

On Tuesday 29 July 2008, Sat Jagat Singh wrote:
> In testing the spoof/dns/bailiwicked_host (and also bailiwicked_domain)
> modules on an internal penetration test I have encountered a challenge
> with firewall filtering of egress to external DNS servers. ?Let me be
> clear, I am on the LAN. ?DNS traffic is not permitted out to the
> internet except from the organization's own internal DNS servers that
> perform recursive queries for internal users.

> Metasploit gets to a point where it attempts to query yahoo's
> nameserver for authoritativeness and just hangs since the traffic gets
> dropped at the firewall.

> Any suggestions?