[afnog] Big DNS vulnerability (Here are my finds and Quickest Solution for those running BIND on CentOS or Fedora Linux Distros)...
Hari Kurup
kurup at afrinic.net
Sat Jul 26 08:27:14 UTC 2008
On 25/07/2008 00:46, Maina Noah wrote:-
> [superuser at ns1 /]# dig +short @ns1.youdomain.co.tz porttest.dns-oarc.net TXT
> ;; Warning: ID mismatch: expected ID 32835, got 58254
> ;; Warning: ID mismatch: expected ID 32835, got 58254
> ;; Warning: ID mismatch: expected ID 32835, got 58254
Maybe I am wrong but it looks to me that even after you patched your
bind setup, your outgoing UDP source port numbers are not getting
randomised?
--
Hari
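
One way to check the point raised above, given the UDP source ports of a resolver's outgoing queries (for instance read from a packet capture taken on the resolver itself). This is an added example, not part of the original message; the function name, the sample port lists and the rating cut-offs are assumptions made for the illustration.

```python
import statistics

# Assumed cut-offs for this example: standard deviation of the observed ports.
POOR_BELOW = 296
GREAT_FROM = 3980


def rate_source_ports(ports):
    """Rate how well the source ports of outgoing DNS queries are spread."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    unique = len(set(ports))
    stdev = statistics.pstdev(ports)
    # Differences between consecutive ports (mod 2^16) expose simple counters.
    deltas = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    if unique == 1:
        pattern = "fixed"        # every query leaves from the same port
    elif len(deltas) == 1:
        pattern = "sequential"   # constant step, trivially predictable
    else:
        pattern = "varied"
    if pattern != "varied" or stdev < POOR_BELOW:
        rating = "POOR"
    elif stdev < GREAT_FROM:
        rating = "GOOD"
    else:
        rating = "GREAT"
    return {"unique": unique, "stdev": round(stdev, 1),
            "pattern": pattern, "rating": rating}


# Constructed sample data, not taken from the thread.
FIXED = [32768] * 10                      # resolver pinned to one port
SEQUENTIAL = list(range(1024, 1034))      # port incremented per query
RANDOMISED = [50231, 1187, 33902, 61044, 12876,
              45519, 7003, 58810, 27465, 19642]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("randomised", RANDOMISED)):
        print(name, rate_source_ports(sample))
```

A "fixed" or "sequential" result on a patched server means something other than the resolver code is deciding the port, so the configuration and any NAT device in the path are the next things to look at.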