Multiple DNS implementations vulnerable to cache poisoning

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Fri Jul 11 09:58:01 CDT 2008


> Reading through the JavaScript that drives <http://www.doxpara.com/>,
> it appears to be pretty easy to write a non-AJAX client to query Dan's
> service.  I threw one together in perl, named "noclicky", that allows you
> to use Dan's service against any nameserver specified on the command line.
> You can download a copy from <http://michael.toren.net/code/noclicky/>.
>
	It looks like Dan changed what it returns, and noclicky 1.00 gets
confused. You can fix this, at least until MCT comes out with a new version,
by putting:

my $date = shift @data;

	before the line:

print "Requests seen for $domain:\n";


			Tuc/TBOH



