Multiple DNS implementations vulnerable to cache poisoning

Jean-François Mezei jfmezei at vaxination.ca
Wed Jul 9 03:39:49 CDT 2008


Michael C. Toren wrote:

>         bash$ ./noclicky 68.87.76.181 
>         Looking up r14z2k52m6uj.toorrr.com against 68.87.76.181
>         Fetching http://209.200.168.66/fprint/r14z2k52m6uj
>         Requests seen for r14z2k52m6uj.toorrr.com:
>           68.87.76.181:17244 TXID=23113
>           68.87.76.181:17219 TXID=31336
>           68.87.76.181:17270 TXID=1613
>           68.87.76.181:16987 TXID=22846
>           68.87.76.181:16974 TXID=24013
>         Your nameserver appears to be safe
> 

Thanks for the explanation. I used Wireshark to capture the DNS traffic
from my server to the outside world while running the doxpara.com test.

My DNS server made the various DNS requests from the same port and is
thus vulnerable. (VMS TCPIP Services so no patches expected).
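
The check described in this message (do a resolver's outbound queries all leave from one source port?), applied to observation lines in the format of the quoted tool output. This is an added example, not part of the original post and not the noclicky or doxpara.com code; the function names, the step threshold of 16 and the 192.0.2.53 lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One observation line in the format quoted above: 68.87.76.181:17244 TXID=23113
OBS = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})")

def parse_observations(text):
    """Return {resolver_ip: [(source_port, txid), ...]} in the order seen."""
    seen = defaultdict(list)
    for ip, port, txid in OBS.findall(text):
        seen[ip].append((int(port), int(txid)))
    return dict(seen)

def classify_ports(ports):
    """'fixed': one port for every query; 'incremental': ports only step
    upward by a small amount (assumed <= 16); 'varied': anything else.
    A handful of samples can show variation but cannot prove randomness."""
    if len(ports) < 2:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed"
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < s <= 16 for s in steps):
        return "incremental"
    return "varied"

def report(text):
    """Summarise distinct ports, port span and verdict per resolver."""
    out = {}
    for ip, obs in parse_observations(text).items():
        ports = [p for p, _ in obs]
        out[ip] = {"ports": len(set(ports)), "span": max(ports) - min(ports),
                   "verdict": classify_ports(ports)}
    return out

# First five lines are from the quoted output; the 192.0.2.53 lines are a
# constructed fixed-port resolver (documentation address, invented values).
SAMPLE = """
  68.87.76.181:17244 TXID=23113
  68.87.76.181:17219 TXID=31336
  68.87.76.181:17270 TXID=1613
  68.87.76.181:16987 TXID=22846
  68.87.76.181:16974 TXID=24013
  192.0.2.53:1025 TXID=4021
  192.0.2.53:1025 TXID=50977
  192.0.2.53:1025 TXID=18812
"""

if __name__ == "__main__":
    print(report(SAMPLE))
```

The same function can be fed source ports read out of a packet capture of the server's outbound DNS queries, one line per query.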



