[afnog] Big DNS vulnerability (Here is my finds and Quickst Solution 4 those running BIND on Centos or Fedora Linux Distros)...
Yahaya Wara
mywarra at yahoo.com
Sat Jul 26 10:46:22 UTC 2008
Noah,
I got the following output when I issued
dig +short @localhost porttest.dns-oarc.net TXT
on my dns server.
root at dns:~# dig +short @localhost porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"x.x.x.x is GOOD: 26 queries in 1.8 seconds from 26 ports with std dev 17320.37"
Where
x.x.x.x is the IP address of my ISP's DNS server. Why is it not returning my DNS server's IP address?
thanks
Yahaya Mohammed Wara B.Sc, CCIE-written CCNP, CCAI, CCNA
Usmanu Danfodiyo University
P.M.B 2346, Sokoto, Nigeria
Mobile: 234-8039687494
'If current can be present in every part of circuit I see no reason Why Intelligency can not be passed through Computers'
--- On Sat, 7/26/08, Maina Noah <mainanoah at ipexpertz.net> wrote:
From: Maina Noah <mainanoah at ipexpertz.net>
Subject: Re: [afnog] Big DNS vulnerability (Here is my finds and Quickst Solution 4 those running BIND on Centos or Fedora Linux Distros)...
To: kurup at afrinic.net
Cc: afnog at afnog.org
Date: Saturday, July 26, 2008, 3:31 AM
On 26/07/2008 11:46, Maina Noah wrote:-
> Got you. The funny thing is, the test on the web sends back a positive
> result when I test the same CentOS box using the DNS check tool from
> https://www.dns-oarc.net/
>
> Both the Source port randomness and Transaction ID randomness were GREAT.
>
> Now on the box itself, I noted one strange thing. See outputs below. The
> first dig test does not generate an error, but the second dig output
> does generate an ID mismatch error.
> Is it because of the @ns1.yourdomain.co.tz? I guess it is. But both
> tests give a positive response of GOOD, though the standard deviation
> values vary.
>>In the first test, it is probably picking a different resolver from your
>>resolv.conf file.
>>As for the tests on dns-oarc, I get confusing results myself.
>>dig returns POOR but the web page returns GREAT.
>>(PS: In both cases I am using only 127.0.0.1 as my resolver).
--
Hari
Quite strange. I hope you're running dig from the same box, I mean the name server itself.
Have you tried testing with the IP address of the box itself rather than the loopback 127.0.0.1 (localhost)?
Because when I try the same, I get a response... and when I replace 127.0.0.1 with localhost I still get a good
response.
[superuser at ns1 ~]# dig +short @127.0.0.1 porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"192.168.1.3 is GOOD: 26 queries in 20.2 seconds from 26 ports with std dev 18487.69"
[superuser at ns1 ~]# dig +short @localhost porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"192.168.1.3 is GOOD: 26 queries in 21.2 seconds from 26 ports with std dev 17754.60"
The web page also returns GREAT.
./maina noah
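Editor's note, added to the thread as a worked example (this is not code from either poster). The porttest TXT answer reports the source address that DNS-OARC's authoritative server saw the queries arrive from. If the BIND being tested hands recursion to an upstream resolver (for example an ISP resolver listed under `forwarders`), the address, port count and standard deviation in the answer describe that upstream, not the local server, which is the situation Yahaya's output with x.x.x.x suggests. The script below parses an answer line, flags whether the test actually measured the server that was queried, and shows why the std dev figure is worth reading alongside the port count. The addresses 192.0.2.10 and 203.0.113.53, the sample answer lines, and the assessment thresholds in `assess_ports` are this example's own constructed assumptions, not DNS-OARC's published criteria.

```python
"""Interpreting porttest.dns-oarc.net answers (added example, not from the thread).

The TXT answer reports the *source address* that DNS-OARC's authoritative
server saw.  If the BIND you query with `dig @server porttest.dns-oarc.net TXT`
forwards to an upstream resolver, the address and the port statistics in the
answer describe that upstream, not your server.  The sample answers below are
constructed; the assessment thresholds are this example's own assumptions.
"""
import random
import re
import statistics

# Shape of the TXT record quoted in the thread, e.g.
# "192.168.1.3 is GOOD: 26 queries in 20.2 seconds from 26 ports with std dev 18487.69"
PORTTEST_RE = re.compile(
    r'"?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is (?P<rating>[A-Z]+): '
    r'(?P<queries>\d+) queries in (?P<secs>[\d.]+) seconds from '
    r'(?P<ports>\d+) ports with std dev (?P<stddev>[\d.]+)"?'
)


def parse_porttest(txt):
    """Pull the fields out of one porttest TXT answer line."""
    m = PORTTEST_RE.search(txt)
    if m is None:
        raise ValueError("not a porttest answer: %r" % txt)
    return {
        "ip": m.group("ip"),
        "rating": m.group("rating"),
        "queries": int(m.group("queries")),
        "seconds": float(m.group("secs")),
        "ports": int(m.group("ports")),
        "stddev": float(m.group("stddev")),
    }


def query_path(answer, server_ip):
    """'direct' when DNS-OARC saw the server we asked; 'forwarded' when it saw
    some other address (typically an ISP resolver configured as a forwarder),
    in which case the test never measured the local BIND at all."""
    return "direct" if answer["ip"] == server_ip else "forwarded"


def port_stddev(ports):
    """Population standard deviation of observed source ports.  Which exact
    statistic porttest computes is not documented here; this is illustrative."""
    return statistics.pstdev(ports)


def assess_ports(ports):
    """Assumed heuristic: a single port is a pinned query-source; many distinct
    ports with a tiny spread is an incrementing allocator, which is just as
    guessable; a spread in the thousands is what a randomised resolver gives."""
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed-port"
    if port_stddev(ports) < 1000:
        return "predictable"
    return "randomized"


def random_ports(n, seed=1):
    """Constructed sample: n ports drawn uniformly from the ephemeral range."""
    rng = random.Random(seed)
    return [rng.randint(1024, 65535) for _ in range(n)]


if __name__ == "__main__":
    local = "192.0.2.10"          # assumed address of the BIND box under test
    # Constructed answers: one direct, one that came back via an ISP forwarder.
    direct = parse_porttest(
        '"192.0.2.10 is GOOD: 26 queries in 20.2 seconds from 26 ports with std dev 18487.69"')
    via_isp = parse_porttest(
        '"203.0.113.53 is GOOD: 26 queries in 1.8 seconds from 26 ports with std dev 17320.37"')
    for a in (direct, via_isp):
        print(a["ip"], query_path(a, local), a["rating"], a["stddev"])
    # Why the std dev matters: 26 distinct ports can still be predictable.
    for name, ports in (("fixed", [53] * 26),
                        ("sequential", list(range(53000, 53026))),
                        ("random", random_ports(26))):
        print("%-10s distinct=%2d stddev=%8.2f %s" % (
            name, len(set(ports)), port_stddev(ports), assess_ports(ports)))
```

If the address in the answer is not the server you gave to `dig @...`, check `forwarders` in named.conf (or resolv.conf when querying without `@`); until the local BIND itself is the one reaching DNS-OARC, its own port randomisation has not been tested. Note also that 26 consecutive ports score as 26 distinct ports but have a standard deviation of only 7.5, so the port count alone says little.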
_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog