North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Multiple DNS implementations vulnerable to cache poisoning
Michael C. Toren wrote: > bash$ ./noclicky 184.108.40.206 > Looking up r14z2k52m6uj.toorrr.com against 220.127.116.11 > Fetching http://18.104.22.168/fprint/r14z2k52m6uj > Requests seen for r14z2k52m6uj.toorrr.com: > 22.214.171.124:17244 TXID=23113 > 126.96.36.199:17219 TXID=31336 > 188.8.131.52:17270 TXID=1613 > 184.108.40.206:16987 TXID=22846 > 220.127.116.11:16974 TXID=24013 > Your nameserver appears to be safe > Thanks for the explanation. I used wireshark to capture the DNS traffic from my server to the outside world while running the doxpara.com test. My DNS server made the various DNS requests from the same port and is thus vulnerable. (VMS TCPIP Services so no patches expected).