[nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113

David Freedman david.freedman at uk.clara.net
Mon Jul 14 08:43:34 EDT 2008



Just seen this posted to a private mailing list, may be of interest:

(I know this guy well enough to vouch positively for his intentions)

-------- Original Message --------
Subject: [uknot] DNS vulnerability - request for research help
Date: Mon, 14 Jul 2008 11:45:13 +0100
From: Ray Bellis <ray at bellis.me.uk>
Reply-To: UK ISP techies discussion <uknot at uknot.org>
To: UK ISP techies discussion <uknot at uknot.org>

It's public knowledge now that the DNS vulnerability is mitigated by
source port randomisation, taking the effective search space from 16 bits
to 32 bits.

However it's been found that some NAT devices effectively undo the
source port randomisation, regardless of what your recursive resolver
does.  I've personally seen routers that pick sequential source ports.
I've also heard a report of another that picks a fixed source port.

This only matters if you run a recursive resolver inside your NAT.  If
you run a typical stub resolver you wouldn't be affected by the new
cache poisoning attack.

If any of you are using such a configuration, would you please:

1.  visit www.doxpara.com and run the DNS checker there

2.  report back to me (ray at nominet.org.uk) with the source ports listed,
the make of the NAT device and software version

I don't need to know your IP or any other specific results from the test
- I'm only interested in the source ports.

thanks,

Ray


--
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
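As an added illustration of the failure mode Ray describes (not code from either poster or from the doxpara checker), here is a small Python analyser for the source ports such a test lists: it flags fixed, sequential and low-entropy port behaviour and estimates how many bits a spoofed reply would still have to match. The port samples and the classification thresholds are constructed for this example.

```python
import math
from collections import Counter

TXID_BITS = 16   # DNS transaction ID: always 16 bits
PORT_BITS = 16   # UDP source port: up to 16 bits when fully randomised


def classify_source_ports(ports):
    """Classify observed UDP source ports as 'fixed', 'sequential',
    'low-entropy' or 'random'. Thresholds are this example's own."""
    if len(ports) < 4:
        raise ValueError("need at least four observations")
    if len(set(ports)) == 1:
        return "fixed"
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    # Assumption: a sequential NAT shows a constant small positive step
    if all(d == deltas[0] and 0 < d <= 2 for d in deltas):
        return "sequential"
    # Many repeats of a few ports: the NAT cycles through a small pool
    counts = Counter(ports)
    n = len(ports)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    if entropy < 0.5 * math.log2(n):
        return "low-entropy"
    return "random"


def effective_search_bits(ports):
    """Bits an attacker must guess per spoofed reply (transaction ID plus
    whatever unpredictability the source port still contributes)."""
    kind = classify_source_ports(ports)
    if kind in ("fixed", "sequential"):
        return kind, TXID_BITS            # port is predictable: back to 16 bits
    if kind == "low-entropy":
        return kind, TXID_BITS + math.log2(len(set(ports)))  # pool size only
    # A short sample cannot prove 16 bits of port entropy; it only failed to
    # reveal a pattern, so report the best case the message describes.
    return kind, TXID_BITS + PORT_BITS


# Constructed samples standing in for the ports a checker would list
FIXED = [1024] * 8
SEQUENTIAL = [40001, 40002, 40003, 40004, 40005, 40006, 40007, 40008]
RANDOM = [53221, 6017, 45980, 18533, 61204, 2831, 38746, 27419]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("random", RANDOM)):
        print(name, effective_search_bits(sample))
```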