DNS cache poisoning attacks
Jeremy C. Reed
Jeremy_Reed at isc.org
Tue Aug 26 01:19:50 UTC 2008
On Sat, 23 Aug 2008, EL MAAYATI Afaf wrote:
> As recommended, I've upgraded my DNS server to the version
> BIND 9.5.1b1 <http://www.isc.org/sw/bind/view?release=9.5.1b1> . But I
> still have the message indicating that my server is still vulnerable
>
> # dig @192.168.2.3 +short porttest.dns-oarc.net txt
> Porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "192.168.2.3 is POOR: 26 queries in 6.4 seconds from 1 ports with std dev 0"
>
> Is there anything that I've missed?
Make sure it was restarted with correct new named.
Make sure you aren't limiting the ports with a query-source.
Make sure that a packet filter isn't rewriting the random ports to
unrandomize them.
More information about the bind-users
mailing list