[olug] DNS exploit VU#800113 - should we be alarmed?
Jay Hannah
jay at jays.net
Tue Jul 15 18:46:16 UTC 2008
On Jul 15, 2008, at 1:32 PM, Jay Hannah wrote:
> http://www.circleid.com/posts/87143_dns_not_a_guessing_game/
> http://www.kb.cert.org/vuls/id/800113
Uh oh...? POOR is bad, apparently.
I can't figure out if I should be scared or not.
j
13:40 <@waswas> jhannah: with a new(er) version of dig you can test your environment's susceptibility with "dig porttest.dns-oarc.net in txt"
FAIR or GOOD means you have no worries, anything else and you are SOL on aug 7th
$ dig porttest.dns-oarc.net in txt
; <<>> DiG 9.3.4 <<>> porttest.dns-oarc.net in txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21288
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;porttest.dns-oarc.net. IN TXT
;; ANSWER SECTION:
porttest.dns-oarc.net. 5 IN CNAME z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN TXT "63.174.225.42 is POOR: 26 queries in 1.9 seconds from 1 ports with std dev 0.00"
;; AUTHORITY SECTION:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN NS ns.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
;; Query time: 4221 msec
;; SERVER: 10.0.33.164#53(10.0.33.164)
;; WHEN: Tue Jul 15 13:41:40 2008
;; MSG SIZE rcvd: 217
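
Added example, not part of the original post: a small Python parser for the porttest TXT answer shown above, so the check can be scripted against each resolver you run. The field layout is assumed from the single answer in this post, the GOOD/FAIR pass rule is the one quoted from IRC above, and the function names are hypothetical.

```python
import re
import subprocess

# Field layout assumed from the TXT answer shown in the post; other layouts are not handled.
RESULT_RE = re.compile(
    r"(?P<resolver>\d{1,3}(?:\.\d{1,3}){3}) is (?P<rating>[A-Z]+): "
    r"(?P<queries>\d+) queries in (?P<seconds>[\d.]+) seconds "
    r"from (?P<ports>\d+) ports with std dev (?P<stddev>[\d.]+)"
)

# Constructed sample: the TXT answer from the post, still wrapped as the mail client left it.
SAMPLE = '''z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
60 IN TXT "63.174.225.42 is POOR: 26 queries in 1.9 seconds from 1
ports with std dev 0.00"
'''

def parse_porttest(text):
    """Return one dict per resolver result found in dig output, wrapped or not."""
    flat = re.sub(r"\s+", " ", text)   # undo terminal or mail line wrapping
    flat = flat.replace('" "', "")     # rejoin a TXT record dig printed as several strings
    results = []
    for match in RESULT_RE.finditer(flat):
        row = match.groupdict()
        row["queries"] = int(row["queries"])
        row["ports"] = int(row["ports"])
        row["seconds"] = float(row["seconds"])
        row["stddev"] = float(row["stddev"])
        results.append(row)
    return results

def needs_attention(row):
    """True unless the rating is GOOD or FAIR (the rule quoted in the post).

    A single source port is also flagged: every test query left from the same port.
    """
    return row["rating"] not in ("GOOD", "FAIR") or row["ports"] <= 1

def run_porttest(resolver=None):
    """Run the dig test from the post, optionally against one named resolver."""
    cmd = ["dig", "+short", "porttest.dns-oarc.net", "in", "txt"]
    if resolver:
        cmd.append("@" + resolver)
    out = subprocess.run(cmd, capture_output=True, text=True, timeout=30, check=True)
    return parse_porttest(out.stdout)

if __name__ == "__main__":
    for row in parse_porttest(SAMPLE):
        state = "PATCH/RECONFIGURE" if needs_attention(row) else "ok"
        print(f'{row["resolver"]}: {row["rating"]}, {row["ports"]} source port(s) -> {state}')
```

The address in the answer is the resolver that actually contacted the test server, which can be an upstream forwarder rather than the server dig queried (10.0.33.164 here).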