Multiple DNS implementations vulnerable to cache poisoning
Brian Keefer
chort at smtps.net
Fri Jul 25 09:28:53 UTC 2008
On Jul 11, 2008, at 7:58 AM, Tuc at T-B-O-H.NET wrote:
>> Reading through the JavaScript that drives <http://www.doxpara.com/>,
>> it appears to be pretty easy to write a non-AJAX client to query
>> Dan's
>> service. I threw one together in perl, named "noclicky", that
>> allows you
>> to use Dan's service against any nameserver specified on the
>> command line.
>> You can download a copy from <http://michael.toren.net/code/
>> noclicky/>.
>>
> It looks like Dan changed what it returns, and noclicky 1.00 gets
> confused. You can fix this, atleast until MCT comes out with a new
> version,
> by putting :
>
> my $date = shift @data;
>
> before the line :
>
> print "Requests seen for $domain:\n";
>
>
> Tuc/TBOH
>
Sorry to necro this, but the original version will lead to a false
sense of security and people might be finding it in the archives...
--- noclicky-1.00.pl Fri Jul 25 02:02:16 2008
+++ noclicky-1.01.pl Fri Jul 25 02:11:18 2008
@@ -64,10 +64,12 @@
my %ports;
for my $data (@data)
{
- chomp($data);
- my ($ip, $port, $txid) = split "-", $data;
- print " $ip:$port TXID=$txid\n";
- $ports{$port} = 1;
+ if ($data =~ /^[1-9]/) {
+ chomp($data);
+ my ($ip, $port, $txid) = split "-", $data;
+ print " $ip:$port TXID=$txid\n";
+ $ports{$port} = 1;
+ }
}
Thanks to Michael for the tool, though!
Brian Keefer
Sr. Systems Engineer
www.Proofpoint.com
"Defend email. Protect data."
More information about the NANOG
mailing list