[olug] DNS exploit VU#800113 - should we be alarmed?

Dan Linder dan at linder.org
Tue Jul 15 22:23:03 UTC 2008


On Tue, Jul 15, 2008 at 3:13 PM, Luke -Jr <luke at dashjr.org> wrote:

> I just applied the security fixes last night and restarted BIND... and I
> still get POOR... is it cached?


Might want to check the up-stream DNS servers you're relying on.  On my home
firewall (Ubuntu 8.04.1 LTS with patches) I ran this:
dig @localhost porttest.dns-oarc.net in txt

And I got back this information:
dan at fwall:~$ dig @localhost porttest.dns-oarc.net in txt

; <<>> DiG 9.4.2-P1 <<>> @localhost porttest.dns-oarc.net in txt
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54298
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;porttest.dns-oarc.net.         IN      TXT

;; ANSWER SECTION:
porttest.dns-oarc.net.  5       IN      CNAME z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN TXT "72.213.0.13 is GOOD: 26 queries in 1.9 seconds from 26 ports with std dev 14506.94"

;; AUTHORITY SECTION:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN NS ns.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.

;; Query time: 2134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 15 17:21:40 2008
;; MSG SIZE  rcvd: 220

Since the third from last line (";; SERVER") shows I'm using myself, I
would believe I'm patched up.

Dan

-- 
"Quis custodiet ipsos custodes?" (Who can watch the watchmen?) -- from the
Satires of Juvenal
"I do not fear computers, I fear the lack of them." -- Isaac Asimov (Author)
** *** ***** ******* *********** *************
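
An added example, not part of the original message: a small parser for the porttest reply shown above. It pulls out the address named in the TXT verdict alongside the server that dig asked (the ";; SERVER" line), so the two can be compared when checking upstream resolvers. The function names, the POOR sample and the 1024..65535 port range used for the `spread` figure are assumptions made for this example.

```python
import re

# Verdict text in the form shown in the message above.
VERDICT = re.compile(
    r'"(?P<tested_ip>\S+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in '
    r'(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports with std dev '
    r'(?P<stddev>[\d.]+)"')
ASKED = re.compile(r';; SERVER: (?P<asked>[^#\s]+)#\d+')

# Assumption: the ideal case draws source ports uniformly from 1024..65535.
# Standard deviation of a discrete uniform over n values: sqrt((n^2 - 1) / 12).
IDEAL_STDDEV = (((65535 - 1024 + 1) ** 2 - 1) / 12) ** 0.5

# Excerpt of the dig output quoted in the message, mail line wrapping kept.
PAGE_SAMPLE = '''\
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN
TXT "72.213.0.13 is GOOD: 26 queries in 1.9 seconds from 26 ports with std
dev 14506.94"

;; SERVER: 127.0.0.1#53(127.0.0.1)
'''

# Constructed sample (documentation addresses); assumes a POOR verdict uses
# the same sentence layout as the GOOD one above.
POOR_SAMPLE = '''\
x.pt.dns-oarc.net. 60 IN TXT "192.0.2.53 is POOR: 26 queries in 4.4 seconds from 1 ports with std dev 0"
;; SERVER: 192.0.2.1#53(192.0.2.1)
'''

def parse_porttest(dig_output):
    """Return the verdict fields plus the server dig asked, or None."""
    flat = " ".join(dig_output.split())  # undo mail or terminal line wrapping
    verdict = VERDICT.search(flat)
    if verdict is None:
        return None
    result = verdict.groupdict()
    for key in ("queries", "ports"):
        result[key] = int(result[key])
    for key in ("seconds", "stddev"):
        result[key] = float(result[key])
    asked = ASKED.search(flat)
    result["asked"] = asked.group("asked") if asked else None
    # Observed spread as a fraction of the assumed ideal; 0.0 means no spread.
    result["spread"] = round(result["stddev"] / IDEAL_STDDEV, 2)
    result["single_port"] = result["ports"] == 1
    return result

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, POOR_SAMPLE):
        print(parse_porttest(sample))
```

When `tested_ip` differs from `asked`, the verdict describes whatever address the test server saw the queries come from, which is the one whose port behaviour was measured.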