Multiple DNS implementations vulnerable to cache poisoning

Brian Keefer chort at smtps.net
Fri Jul 25 04:28:53 CDT 2008


On Jul 11, 2008, at 7:58 AM, Tuc at T-B-O-H.NET wrote:

>> Reading through the JavaScript that drives <http://www.doxpara.com/>,
>> it appears to be pretty easy to write a non-AJAX client to query  
>> Dan's
>> service.  I threw one together in perl, named "noclicky", that  
>> allows you
>> to use Dan's service against any nameserver specified on the  
>> command line.
>> You can download a copy from <http://michael.toren.net/code/ 
>> noclicky/>.
>>
> 	It looks like Dan changed what it returns, and noclicky 1.00 gets
> confused. You can fix this, atleast until MCT comes out with a new  
> version,
> by putting :
>
> my $date = shift @data;
>
> 	before the line :
>
> print "Requests seen for $domain:\n";
>
>
> 			Tuc/TBOH
>

Sorry to necro this, but the original version will lead to a false  
sense of security and people might be finding it in the archives...

--- noclicky-1.00.pl    Fri Jul 25 02:02:16 2008
+++ noclicky-1.01.pl    Fri Jul 25 02:11:18 2008
@@ -64,10 +64,12 @@
  my %ports;
  for my $data (@data)
  {
-    chomp($data);
-    my ($ip, $port, $txid) = split "-", $data;
-    print "  $ip:$port TXID=$txid\n";
-    $ports{$port} = 1;
+    if ($data =~ /^[1-9]/) {
+        chomp($data);
+        my ($ip, $port, $txid) = split "-", $data;
+        print "  $ip:$port TXID=$txid\n";
+        $ports{$port} = 1;
+    }
  }

Thanks to Michael for the tool, though!

Brian Keefer
Sr. Systems Engineer
www.Proofpoint.com
"Defend email.  Protect data."






More information about the NANOG mailing list