[afnog] Big DNS vulnerability (Here are my findings and a quick solution for those running BIND on CentOS or Fedora Linux distros)...

Hari Kurup kurup at afrinic.net
Sat Jul 26 08:45:57 UTC 2008


On 26/07/2008 10:27, Hari Kurup wrote:-
> On 25/07/2008 00:46, Maina Noah wrote:-
> 
>> [superuser at ns1 /]# dig +short @ns1.youdomain.co.tz porttest.dns-oarc.net TXT
>> ;; Warning: ID mismatch: expected ID 32835, got 58254
>> ;; Warning: ID mismatch: expected ID 32835, got 58254
>> ;; Warning: ID mismatch: expected ID 32835, got 58254
> 
> Maybe I am wrong, but it looks to me that even after you patched your
> BIND setup, your outgoing UDP source port numbers are not getting
> randomised?

Correction: the transaction IDs, not the port numbers. They too should be
random.

--
Hari
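The checks the thread is circling around, written out as an added example (this is not code from the thread, from dig, or from BIND; the function names, the sample reply bytes and the two observation lists are this example's own constructions): build a query with a 16-bit transaction ID, compare a reply's ID against the outstanding query the way dig does when it prints "ID mismatch", and score a set of observed (source port, ID) pairs from a resolver's outgoing queries for the randomisation the 2008 fix depends on. A patched BIND that is still pinned with `query-source ... port 53;` in named.conf, or sits behind a NAT that rewrites source ports, will look like the unpatched sample below.

```python
"""Added example: DNS query/reply ID handling and a port/ID randomness score.
Not code from the afnog thread; helper names and samples are hypothetical."""
import random
import struct


def build_query(name, qtype=16, txid=None):
    """Return (txid, wire_bytes) for a recursive query; qtype 16 is TXT."""
    if txid is None:
        txid = random.randrange(0, 1 << 16)      # 16-bit ID, random as required
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(msg):
    """Decode the 12-byte DNS header; raise ValueError on a truncated message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than a header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an}


def check_reply(expected_id, msg):
    """Return the dig-style warning if the reply ID differs, else None.

    A resolver must drop any reply whose ID, destination port and question
    do not all match an outstanding query; this is the ID part of that check.
    """
    got = parse_header(msg)["id"]
    if got != expected_id:
        return f";; Warning: ID mismatch: expected ID {expected_id}, got {got}"
    return None


def randomness_report(observations):
    """Score observed (source_port, txid) pairs from a resolver's queries.

    A fixed source port or a constant-step ID sequence is what an unpatched
    resolver (or one pinned with 'query-source ... port 53') shows; either
    one collapses the attacker's search space from ~2^32 towards 2^16.
    """
    ports = [p for p, _ in observations]
    ids = [i for _, i in observations]

    def sequential(values):
        # One distinct delta across the whole series means a predictable step.
        deltas = {(b - a) & 0xFFFF for a, b in zip(values, values[1:])}
        return len(values) > 1 and len(deltas) == 1

    return {
        "distinct_ports": len(set(ports)),
        "distinct_ids": len(set(ids)),
        "ports_random": len(set(ports)) > 1 and not sequential(ports),
        "ids_random": len(set(ids)) > 1 and not sequential(ids),
    }


# Constructed samples, not real captures: a resolver pinned to port 53 with an
# incrementing ID, and a patched one using random ports and IDs.
UNPATCHED = [(53, 0x8000 + n) for n in range(12)]
PATCHED = [(46211, 32835), (15097, 58254), (60422, 7391), (33880, 49017),
           (2950, 14768), (51437, 60173), (28016, 2210), (39764, 41333),
           (10589, 22944), (57230, 9876), (21603, 36501), (44178, 53620)]

# Constructed reply header: ID 58254, QR=1 RD=1 RA=1, one question, one answer.
SAMPLE_REPLY = struct.pack("!HHHHHH", 58254, 0x8180, 1, 1, 0, 0)


if __name__ == "__main__":
    txid, wire = build_query("porttest.dns-oarc.net")
    print(f"query id {txid}, {len(wire)} bytes on the wire")
    print(check_reply(32835, SAMPLE_REPLY))   # the warning seen in the thread
    print("unpatched:", randomness_report(UNPATCHED))
    print("patched:  ", randomness_report(PATCHED))
```

To feed `randomness_report` real data, capture the resolver's outgoing queries with `tcpdump -n udp dst port 53` and pass the UDP source port and the DNS ID of each packet; twelve or more queries are enough to tell a pinned port or a counting ID from a random one, which is the same thing the porttest.dns-oarc.net TXT lookup reports from the server side.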



