Exploit for DNS Cache Poisoning - RELEASED

Graeme Fowler graeme at graemef.net
Fri Jul 25 17:32:32 CDT 2008


On Fri, 2008-07-25 at 23:25 +0100, Graeme Fowler wrote:
> I saw this earlier in the week, along with queries for a domain name
> which happens to have been registered by Dan Kaminsky, so I emailed him
> about it. The addresses in question at Georgia Tech appear to be in use
> as part of Doxpara's scan for unpatched systems, which he confirmed.

And for extra points, can anyone with access to the raw un-logwatched
log entries tell us what's rather odd about the queries, given the
current furore over... well, that'd give the answer ;-)

Graeme





More information about the NANOG mailing list