DNS cache poisoning attacks

Trey Valenta t at trey.net
Tue Aug 26 14:44:18 UTC 2008


On Tue, Aug 26, 2008 at 09:18:11AM -0000, EL MAAYATI Afaf wrote:
> The line " query-source address x port 53;" is already disabled;
> # dig @192.168.2.3 +short porttest.dns-oarc.net txt
> Porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "192.168.2.3 is POOR: 26 queries in 6.4 seconds from 1 ports with std dev 0"

Did you modify the IP addresses in your post, or is this _really_ the
string returned by your query? If you're getting a response with
"192.168.2.3 is POOR", then I presume you have a firewall that's doing
all sorts of rewriting of the DNS packets. My initial guess is that
whatever device you use to NAT or PAT the DNS server is the culprit.

Trey


-- 
<t(Trey)@(Valenta)trey.net> Seattle, Wash.
Q:	Why don't lawyers go to the beach?
A:	The cats keep trying to bury them.
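The porttest result quoted above reports two things a defender can reproduce from their own packet captures: how many distinct UDP source ports the resolver used across a batch of queries, and the standard deviation of those ports. The following is an added example, not code from this thread or from DNS-OARC's porttest service: it scores a list of observed source ports the same way (distinct-port count plus standard deviation), formats the verdict in the wording of the quoted response, and shows how a NAT/PAT device that rewrites every outbound query to one fixed port collapses a well-randomised resolver to "1 ports with std dev 0". The resolver model, the NAT rewrite function and the verdict threshold (`poor_threshold`) are assumptions for illustration; porttest's real scoring thresholds are not given on this page.

```python
import math
import random
from dataclasses import dataclass


@dataclass
class PortReport:
    queries: int
    distinct_ports: int
    stddev: float
    verdict: str


def port_stddev(ports):
    """Population standard deviation of the observed source ports."""
    n = len(ports)
    if n == 0:
        return 0.0
    mean = sum(ports) / n
    return math.sqrt(sum((p - mean) ** 2 for p in ports) / n)


def assess_ports(ports, poor_threshold=1000.0):
    """Score source-port randomisation from a batch of observed ports.

    A resolver that reuses a single port, or whose ports cluster within a
    narrow band, is scored POOR. The threshold is an assumed value for this
    example, not DNS-OARC's own cut-off.
    """
    distinct = len(set(ports))
    sd = port_stddev(ports)
    if distinct == 1 or sd < poor_threshold:
        verdict = "POOR"
    else:
        verdict = "GOOD"
    return PortReport(len(ports), distinct, sd, verdict)


def format_report(ip, report, elapsed_seconds):
    """Render the report in the wording of the quoted porttest TXT answer."""
    return (
        f'"{ip} is {report.verdict}: {report.queries} queries in '
        f'{elapsed_seconds:.1f} seconds from {report.distinct_ports} ports '
        f'with std dev {report.stddev:g}"'
    )


def randomised_resolver_ports(n, rng):
    """Constructed model of a patched resolver: a fresh ephemeral port per query."""
    return [rng.randint(1024, 65535) for _ in range(n)]


def nat_rewrite(ports, fixed_port=53):
    """Constructed model of a NAT/PAT box that rewrites every source port to one value."""
    return [fixed_port for _ in ports]


if __name__ == "__main__":
    rng = random.Random(2008)
    before_nat = randomised_resolver_ports(26, rng)
    after_nat = nat_rewrite(before_nat)
    print(format_report("192.168.2.3", assess_ports(before_nat), 6.4))
    print(format_report("192.168.2.3", assess_ports(after_nat), 6.4))
```

Running it prints a GOOD line for the resolver's own ports and, for the same batch after the simulated rewrite, exactly the "1 ports with std dev 0" shape seen in the quoted answer. In practice, capture the queries on the resolver host and again on the outside of the NAT device; if only the outside capture scores POOR, the device rather than BIND is what needs fixing.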

