[105885] in North American Network Operators' Group
Re: Multiple DNS implementations vulnerable to cache poisoning
daemon@ATHENA.MIT.EDU (Jean-François Mez)
Wed Jul 9 00:04:57 2008
Date: Wed, 09 Jul 2008 00:04:33 -0400
From: Jean-François Mezei <jfmezei@vaxination.ca>
To: nanog@nanog.org
In-Reply-To: <487420DF.4040706@gmail.com>
Errors-To: nanog-bounces@nanog.org
Re: the tool
My DNS server does not serve the outside world. Incoming packets to port
53 are NAT directed to a non-existent IP on the LAN.
The tool uses my internet facing IP as my DNS server and tells me I am
vulnerable. Since, from the internet, connecting to that IP at port 53
will not get you to a DNS server, I find the tool's conclusion rather
without much value.