[olug] DNS exploit VU#800113 - should we be alarmed?
Dan Linder
dan at linder.org
Tue Jul 15 22:23:03 UTC 2008
On Tue, Jul 15, 2008 at 3:13 PM, Luke -Jr <luke at dashjr.org> wrote:
> I just applied the security fixes last night and restarted BIND... and I
> still
> get POOR... is it cached?
Might want to check the up-stream DNS servers you're relying on. On my home
firewall (Ubuntu 8.04.1 LTS with patches) I ran this:
dig @localhost porttest.dns-oarc.net in txt
And I got back this information:
dan at fwall:~$ dig @localhost porttest.dns-oarc.net in txt
; <<>> DiG 9.4.2-P1 <<>> @localhost porttest.dns-oarc.net in txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54298
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;porttest.dns-oarc.net. IN TXT
;; ANSWER SECTION:
porttest.dns-oarc.net. 5 IN CNAME
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN
TXT "72.213.0.13 is GOOD: 26 queries in 1.9 seconds from 26 ports with std
dev 14506.94"
;; AUTHORITY SECTION:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN
NS ns.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
;; Query time: 2134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 15 17:21:40 2008
;; MSG SIZE rcvd: 220
Since the third from last line (";; SERVER") line shows I'm using myself, I
would believe I'm patchd up.
Dan
--
"Quis custodiet ipsos custodes?" (Who can watch the watchmen?) -- from the
Satires of Juvenal
"I do not fear computers, I fear the lack of them." -- Isaac Asimov (Author)
** *** ***** ******* *********** *************
More information about the OLUG
mailing list