nanog mailing list archives

Re: Multiple DNS implementations vulnerable to cache poisoning

From: Jean-François Mezei <jfmezei () vaxination ca>
Date: Wed, 09 Jul 2008 04:39:49 -0400

Michael C. Toren wrote:

        bash$ ./noclicky 68.87.76.181 
        Looking up r14z2k52m6uj.toorrr.com against 68.87.76.181
        Fetching http://209.200.168.66/fprint/r14z2k52m6uj
        Requests seen for r14z2k52m6uj.toorrr.com:
          68.87.76.181:17244 TXID=23113
          68.87.76.181:17219 TXID=31336
          68.87.76.181:17270 TXID=1613
          68.87.76.181:16987 TXID=22846
          68.87.76.181:16974 TXID=24013
        Your nameserver appears to be safe


Thanks for the explanation. I used wireshark to capture the DNS traffic
from my server to the outside world while running the doxpara.com test.

My DNS server made the various DNS requests from the same port and is
thus vulnerable. (VMS TCPIP Services so no patches expected).

Current thread:

Multiple DNS implementations vulnerable to cache poisoning Buhrmaster, Gary (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 08)
  - Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Lynda (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Owen DeLong (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Christian Koch (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Jimmy Hess (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Jean-François Mezei (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Chris Adams (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Michael C. Toren (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Jean-François Mezei (Jul 09)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 09)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Simon Waters (Jul 09)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 09)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Tuc at T-B-O-H.NET (Jul 11)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Brian Keefer (Jul 25)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Joe Greco (Jul 09)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Lynda (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Jeffrey Ollie (Jul 08)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Steven M. Bellovin (Jul 09)

(Thread continues...)