DNS cache poisoning attacks

EL MAAYATI Afaf afaf at anrt.ma
Tue Aug 26 15:57:13 UTC 2008


No, my server is recursive and it's not configured as a forwarder.
But, as my server is behind a (PAT) system, I guess that this is the reason
why the source port randomization, implemented within the patch (or the
new version of BIND), is ignored.



-----Original Message-----
From: Vinny Abello [mailto:vinny at tellurian.com] 
Sent: Tuesday, August 26, 2008 1:22 PM
To: EL MAAYATI Afaf
Cc: Alan Clegg; bind-users at isc.org
Subject: Re: DNS cache poisoning attacks

Are you forwarding recursive requests to another server that is
vulnerable?

On Aug 26, 2008, at 8:23 AM, "EL MAAYATI Afaf" <afaf at anrt.ma> wrote:

> Hello,
>        The line " query-source address x port 53;" is already
> disabled;
> And I'm running the new version (beta) of Bind:
> #dig +short @192.168.2.3 ch version.bind txt
> 9.5.1b1
>
>
>
> Best Regards,
>
> -----Original Message-----
> From: Alan Clegg [mailto:Alan_Clegg at isc.org]
> Sent: Tuesday, August 26, 2008 1:12 AM
> To: EL MAAYATI Afaf
> Cc: bind-users at isc.org
> Subject: Re: DNS cache poisoning attacks
>
> EL MAAYATI Afaf wrote:
>> Hello,
>>            As recommended, I've upgraded my DNS server to the version
> BIND 9.5.1b1 <http://www.isc.org/sw/bind/view?release=9.5.1b1> . But I
> still have the message indicating that my server is still vulnerable
>>
>> # dig @192.168.2.3 +short porttest.dns-oarc.net txt
>>
>> Porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
>> "192.168.2.3 is POOR: 26 queries in 6.4 seconds from 1 ports with std dev 0"
>>
>> Is there anything that I've missed?
>
> Do you have a line similar to:
>
>   query-source address x port 53;
>
> If so, change it to:
>
>   query-source address x port *;
>
> Or get rid of it completely.
>
> If you don't have a line like this, you may have an issue with a
> firewall that "un-randomizes" your queries.
>
> The other thing that you may want to check is if you are actually
> running the correct version of named.  Check using:
>
>   dig +short @192.168.2.3 version.bind ch txt
>
> AlanC
>
>

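The thread above checks source-port randomization by asking porttest.dns-oarc.net to observe the resolver's queries from the outside. The same check can be done locally on a packet capture taken on the external side of the firewall or PAT device, which is where the ports actually leave; a capture taken on the inside can look randomized even when the NAT device rewrites every query to one port. The script below is an added example, not code from the thread or from the OARC porttest service: it parses constructed tcpdump-style lines (the capture text, the resolver address 192.168.2.3 and the authoritative address 198.41.0.4 are sample data, not a real trace), extracts the UDP source ports of outbound queries, and rates them the way the porttest reply does, with one distinct port and std dev 0 flagged as POOR. The rating thresholds are assumptions chosen for illustration; they are not porttest's own.

```python
"""Rate DNS query source-port randomization from captured outbound queries.

Added example, not part of the original bind-users thread and not the code
behind porttest.dns-oarc.net. Thresholds below are illustrative assumptions.
"""
import re
import statistics
from typing import List, Tuple

# tcpdump -n style lines. Constructed sample data, not a real capture.
# Resolver 192.168.2.3 sending queries to an authoritative server 198.41.0.4.
# This is what a resolver with "query-source address x port 53;" (or a PAT
# device that rewrites every query to one port) looks like from outside.
PINNED_CAPTURE = """\
IP 192.168.2.3.53 > 198.41.0.4.53: 4711+ A? www.example.com. (33)
IP 192.168.2.3.53 > 198.41.0.4.53: 4712+ A? mail.example.com. (34)
IP 192.168.2.3.53 > 198.41.0.4.53: 4713+ AAAA? www.example.com. (33)
IP 192.168.2.3.53 > 198.41.0.4.53: 4714+ MX? example.com. (29)
"""

# Same resolver after the fix ("query-source address x port *;" or no
# query-source line at all), with the NAT device preserving source ports.
RANDOM_CAPTURE = """\
IP 192.168.2.3.61237 > 198.41.0.4.53: 4711+ A? www.example.com. (33)
IP 192.168.2.3.8803 > 198.41.0.4.53: 4712+ A? mail.example.com. (34)
IP 192.168.2.3.47109 > 198.41.0.4.53: 4713+ AAAA? www.example.com. (33)
IP 192.168.2.3.23590 > 198.41.0.4.53: 4714+ MX? example.com. (29)
"""

# Matches "IP <src ip>.<src port> > <dst ip>.53:" i.e. a query to port 53.
_LINE_RE = re.compile(r"^IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.53:")


def source_ports(capture: str, resolver_ip: str) -> List[int]:
    """Return the UDP source ports of DNS queries sent by resolver_ip."""
    ports = []
    for line in capture.splitlines():
        m = _LINE_RE.match(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports


def rate_ports(ports: List[int]) -> Tuple[str, int, float]:
    """Classify observed source ports as GOOD, FAIR or POOR.

    Returns (rating, distinct port count, population std dev). A single
    distinct port (std dev 0) is the signature of a pinned query-source
    or of a NAT device collapsing the ports. Thresholds are assumptions.
    """
    if not ports:
        raise ValueError("no queries observed")
    distinct = len(set(ports))
    sdev = statistics.pstdev(ports) if len(ports) > 1 else 0.0
    if distinct == 1:
        rating = "POOR"
    elif sdev < 1000:
        rating = "FAIR"
    else:
        rating = "GOOD"
    return rating, distinct, sdev


def report(capture: str, resolver_ip: str) -> str:
    """One-line summary in the style of the porttest TXT reply."""
    ports = source_ports(capture, resolver_ip)
    rating, distinct, sdev = rate_ports(ports)
    return (f"{resolver_ip} is {rating}: {len(ports)} queries from "
            f"{distinct} ports with std dev {sdev:.0f}")


if __name__ == "__main__":
    print(report(PINNED_CAPTURE, "192.168.2.3"))
    print(report(RANDOM_CAPTURE, "192.168.2.3"))
```

To apply this to a real resolver, capture on the outside interface of the firewall (for example `tcpdump -n -i <ext-if> udp dst port 53`) and feed those lines to `report`. If the inside capture rates GOOD and the outside capture rates POOR, the resolver is randomizing correctly and the PAT device is the component un-randomizing the ports, which is the situation the original poster describes.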