Is this still valid with the new information that has come out? All ours appear to be OK currently, using this method, but is this OK with the new exploit? On Fri, 2008-07-25 at 12:19 +1200, Sam Sargeant wrote:
On 24/07/2008, at 9:33 PM, Jasper Bryant-Greene wrote:
testing from an IP in the USA, I was able to make recursive queries at six major NZ ISPs, and there are no doubt more. I won't bother naming, it's trivial for anyone to figure it out for themselves, and the affected ISPs (should) know who they are.
It's so tempting to name and shame, but someone talked me out of it. :)
Run this command:
dig +short porttest.dns-oarc.net txt
If it says "POOR" then you or your ISP needs to update DNS servers. If you want to test another server then try:
dig +short @ns1.someisp.net.nz porttest.dns-oarc.net txt
There is an exploit out there:
"US-CERT is aware of publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. Exploitation of this vulnerability may allow an attacker to cause a nameserver's clients to contact the incorrect, and possibly malicious hosts for particular services. As a result, web traffic, email and other important network data could be redirected to systems under the attacker's control"
http://www.us-cert.gov/current/index.html#dns_cache_poisoning_public_exploit
Anyone else wishing NZ had our own CERT right now?
Sam.
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
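Added example, not part of the thread above: a small Python script showing what the porttest check is actually measuring. It builds the same dig command Sam gives, pulls the GOOD/FAIR/POOR verdict out of the TXT answer, and separately scores a list of observed query source ports by distinct-port count and standard deviation, which is the statistic porttest reports. The port samples are constructed, and the 296/3980 standard-deviation cut-offs are assumed values for illustration, not DNS-OARC's published thresholds.

```python
import re
import statistics
import subprocess

PORTTEST_NAME = "porttest.dns-oarc.net"

# Constructed samples of UDP source ports seen on 26 outgoing queries.
# A resolver that reuses one port is exactly what the cache-poisoning
# exploit in the thread leans on; a patched resolver spreads across the
# ephemeral range; a resolver behind a NAT that rewrites ports into a
# narrow block lands somewhere in between.
FIXED_PORT_SAMPLE = [32768] * 26
NARROW_RANGE_SAMPLE = [32768 + 40 * i for i in range(26)]
RANDOM_PORT_SAMPLE = [10234, 54321, 61002, 4097, 39987, 22222, 51111, 8080,
                      60001, 15000, 47777, 33333, 9999, 58888, 27182, 31415,
                      44444, 12345, 65000, 5000, 20000, 49152, 36000, 41000,
                      7000, 55555]

# Assumed cut-offs (not DNS-OARC's real ones): standard deviation of the
# source ports below FAIR_STDDEV is POOR, above GOOD_STDDEV is GOOD.
FAIR_STDDEV = 296
GOOD_STDDEV = 3980


def dig_command(server=None):
    """Build the dig invocation from the thread, optionally aimed at @server."""
    cmd = ["dig", "+short"]
    if server:
        cmd.append("@" + server)
    cmd += [PORTTEST_NAME, "txt"]
    return cmd


def rating_from_txt(answer):
    """Extract the GOOD/FAIR/POOR verdict from a porttest TXT answer string.

    Returns None if no verdict is present (e.g. the query failed)."""
    m = re.search(r"\b(GOOD|FAIR|POOR)\b", answer)
    return m.group(1) if m else None


def port_randomness(ports):
    """Summarise observed source ports the way porttest reports them:
    (number of distinct ports, population standard deviation)."""
    return len(set(ports)), statistics.pstdev(ports)


def rate_ports(ports):
    """Classify a resolver's source-port behaviour from the observed ports.

    A single reused port is always POOR, whatever the count of queries."""
    distinct, sd = port_randomness(ports)
    if distinct == 1 or sd <= FAIR_STDDEV:
        return "POOR"
    if sd <= GOOD_STDDEV:
        return "FAIR"
    return "GOOD"


def run_porttest(server=None, timeout=15):
    """Run the live check against a resolver (needs network and dig).

    Returns the rating, or None if dig failed or gave no verdict."""
    try:
        out = subprocess.run(dig_command(server), capture_output=True,
                             text=True, timeout=timeout, check=False).stdout
    except (OSError, subprocess.SubprocessError):
        return None
    return rating_from_txt(out)


if __name__ == "__main__":
    for name, sample in (("fixed port", FIXED_PORT_SAMPLE),
                         ("narrow NAT range", NARROW_RANGE_SAMPLE),
                         ("randomised", RANDOM_PORT_SAMPLE)):
        distinct, sd = port_randomness(sample)
        print(f"{name:17s} distinct={distinct:2d} stddev={sd:8.1f} "
              f"-> {rate_ports(sample)}")
    # Live check is opt-in; it talks to porttest.dns-oarc.net.
    # print(run_porttest("ns1.someisp.net.nz"))
```

The offline part matters for the NAT question raised in the thread: a resolver can pass porttest on the box itself yet come out POOR or FAIR when queried from outside, because a NAT in front of it rewrites the randomised source ports into a small block. Testing from the far side of the NAT, as Sam's second dig form does, is what catches that.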