[106297] in North American Network Operators' Group
Re: Exploit for DNS Cache Poisoning - RELEASED
daemon@ATHENA.MIT.EDU (Graeme Fowler)
Fri Jul 25 18:32:45 2008
From: Graeme Fowler <graeme@graemef.net>
To: nanog@nanog.org
In-Reply-To: <1217024730.12145.7.camel@ernie.internal.graemef.net>
Date: Fri, 25 Jul 2008 23:32:32 +0100
On Fri, 2008-07-25 at 23:25 +0100, Graeme Fowler wrote:
> I saw this earlier in the week, along with queries for a domain name
> which happens to have been registered by Dan Kaminsky, so I emailed him
> about it. The addresses in question at Georgia Tech appear to be in use
> as part of Doxpara's scan for unpatched systems, which he confirmed.

And for extra points, can anyone with access to the raw un-logwatched
log entries tell us what's rather odd about the queries, given the
current furore over... well, that'd give the answer ;-)

Graeme