[afnog] Big DNS vulnerability (Here is my finds and Quickst Solution 4 those running BIND on Centos or Fedora Linux Distros)...
alain aina
aalain at trstech.net
Sat Jul 26 12:21:42 UTC 2008
On Jul 26, 2008, at 8:45 AM, Hari Kurup wrote:
> On 26/07/2008 10:27, Hari Kurup wrote:-
>> On 25/07/2008 00:46, Maina Noah wrote:-
>>
>>> [superuser at ns1 /]# dig +short @ns1.youdomain.co.tz porttest.dns-oarc.net TXT
>>> ;; Warning: ID mismatch: expected ID 32835, got 58254
>>> ;; Warning: ID mismatch: expected ID 32835, got 58254
>>> ;; Warning: ID mismatch: expected ID 32835, got 58254
>>
>> Maybe I am wrong but it looks to me that even after you patched your
>> bind setup, your outgoing UDP source port numbers are not getting
>> randomised?
>
> correction ...the transaction IDs, not port numbers. They too should
> be random.
>
>
Both should be random, but if a server sends multiple equivalent
queries before receiving a response, all should have identical ID,
source address and source port.
--alain
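The question the thread keeps circling is whether a resolver's outgoing transaction IDs and UDP source ports are actually random after patching. As an added example (not code from this thread or from BIND), the script below takes (transaction ID, source port) pairs captured from a resolver's outbound queries and flags the two weak patterns discussed above: a fixed source port and IDs that simply count up. The sample data is constructed; the IDs reuse the values from the dig output quoted above.

```python
# Added example: assess captured (transaction ID, UDP source port) pairs from a
# resolver's outgoing DNS queries for the weak patterns discussed in the thread.
import math
from collections import Counter


def entropy_bits(values):
    """Shannon entropy, in bits, of the observed distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def is_counter(values, min_fraction=0.8):
    """True when most consecutive samples differ by exactly +1 (mod 2**16),
    i.e. the value behaves like a predictable counter, not a random choice."""
    if len(values) < 3:
        return False
    steps = sum(1 for a, b in zip(values, values[1:]) if (b - a) % 65536 == 1)
    return steps / (len(values) - 1) >= min_fraction


def assess(samples):
    """samples: list of (txid, source_port) tuples. Returns a findings dict."""
    ids = [txid for txid, _ in samples]
    ports = [port for _, port in samples]
    findings = []
    if len(set(ports)) == 1:
        findings.append("source port is fixed at %d" % ports[0])
    if is_counter(ids):
        findings.append("transaction IDs are sequential")
    if is_counter(ports):
        findings.append("source ports are sequential")
    return {
        "id_entropy_bits": round(entropy_bits(ids), 2),
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "findings": findings,
        "randomised": not findings,
    }


# Constructed samples: eight queries from an unpatched resolver (fixed port 53,
# counting IDs) and eight from a patched one (varying ID and port).
UNPATCHED = [(32835 + i, 53) for i in range(8)]
PATCHED = [(58254, 41720), (1192, 60133), (44017, 33891), (9860, 52008),
           (27341, 38455), (63002, 45319), (15478, 59741), (39125, 34088)]

if __name__ == "__main__":
    for name, samples in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, assess(samples))
```

Entropy here is bounded by log2 of the number of samples, so capture a few hundred outgoing queries before drawing conclusions about a real resolver.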