Re: Multiple DNS implementations vulnerable to cache poisoning

[Brian Keefer]

On Jul 11, 2008, at 7:58 AM, Tuc at T-B-O-H.NET wrote:

> > Reading through the JavaScript that drives <http://www.doxpara.com/>,
> > it appears to be pretty easy to write a non-AJAX client to query  
> > Dan's
> > service.  I threw one together in perl, named "noclicky", that  
> > allows you
> > to use Dan's service against any nameserver specified on the  
> > command line.
> > You can download a copy from <http://michael.toren.net/code/ 
> > noclicky/>.
> 	It looks like Dan changed what it returns, and noclicky 1.00 gets
> confused. You can fix this, atleast until MCT comes out with a new  
> version,
> by putting :
>
> my $date = shift @data;
>
> 	before the line :
>
> print "Requests seen for $domain:\n";
>
>
> 			Tuc/TBOH

Sorry to necro this, but the original version will lead to a false  
sense of security and people might be finding it in the archives...

--- noclicky-1.00.pl    Fri Jul 25 02:02:16 2008
+++ noclicky-1.01.pl    Fri Jul 25 02:11:18 2008
@@ -64,10 +64,12 @@
 my %ports;
 for my $data (@data)
 {
-    chomp($data);
-    my ($ip, $port, $txid) = split "-", $data;
-    print "  $ip:$port TXID=$txid\n";
-    $ports{$port} = 1;
+    if ($data =~ /^[1-9]/) {
+        chomp($data);
+        my ($ip, $port, $txid) = split "-", $data;
+        print "  $ip:$port TXID=$txid\n";
+        $ports{$port} = 1;
+    }
 }

Thanks to Michael for the tool, though!

Brian Keefer
Sr. Systems Engineer
www.Proofpoint.com
"Defend email.  Protect data."