[nsp-sec] List of vulnerable DNS resolvers
Smith, Donald
Donald.Smith at qwest.com
Tue Jul 22 19:32:09 EDT 2008
Niels, I think the right thing to do is notify these customers. Do you want credit, or do we sanitize or ...?
donald.smith at qwest.com giac
________________________________
From: nsp-security-bounces at puck.nether.net on behalf of Niels Provos
Sent: Tue 7/22/2008 5:11 PM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] List of vulnerable DNS resolvers
----------- nsp-security Confidential --------
Hi,
as you know, the DNS flaw was leaked yesterday. At the moment, ~70%
of all resolvers on the Internet use static or trivially predictable
source ports. These resolvers/NAT devices need to be patched as soon
as possible. The CERT reference for this flaw can be found at:
http://www.kb.cert.org/vuls/id/800113
The flaw allows adversaries to inject almost arbitrary A or NS records
on vulnerable resolvers, e.g. redirect traffic/proxy traffic of
legitimate domains.
You can find a list of vulnerable resolvers and corresponding AS numbers at:
https://asn.cymru.com/nsp-sec/upload/1216767459.whois.txt
These IP addresses are from recursive resolvers that showed very low
standard-deviation (<200) in their source ports according to
measurements conducted by David Dagon and myself over the last 7 days.
I released a small Python tool that you can use to test your own
resolver. You can download it from:
http://www.monkey.org/~provos/dnspredict.py
Instructions on how to use the tool can be found here:
http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html
Please, let me know if you have any questions.
Thank you,
Niels.
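The selection criterion described in the message above (recursive resolvers whose observed source ports have a standard deviation below 200), as an added example that is not part of the original thread and is not the dnspredict.py tool. The `resolver_ip source_port` input format, the `MIN_SAMPLES` cutoff, the function names and the sample addresses and ports are assumptions made for illustration.

```python
import statistics
from collections import defaultdict

STDDEV_THRESHOLD = 200   # cutoff quoted in the message above
MIN_SAMPLES = 10         # assumption: fewer queries than this gives no verdict


def parse_observations(lines):
    """Group 'resolver_ip source_port' lines by resolver, skipping malformed ones."""
    ports = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 2 or not fields[1].isdigit():
            continue
        port = int(fields[1])
        if 0 < port <= 65535:
            ports[fields[0]].append(port)
    return ports


def classify(ports):
    """Return (verdict, stddev) for one resolver's observed UDP source ports."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient-data", None
    sd = statistics.pstdev(ports)
    if sd == 0:
        return "static", sd
    if sd < STDDEV_THRESHOLD:
        return "predictable", sd
    return "randomized", sd


def audit(lines):
    """Map each resolver seen in the input to its (verdict, stddev)."""
    return {ip: classify(p) for ip, p in parse_observations(lines).items()}


# Constructed sample data (documentation addresses, made-up ports).
CONSTRUCTED = {
    "192.0.2.10": [32768] * 12,                     # fixed source port
    "192.0.2.20": list(range(1025, 1037)),          # increments by one per query
    "192.0.2.30": [51234, 1987, 40321, 9876, 60211, 23456,
                   33333, 4821, 58102, 15007, 47219, 27644],
    "192.0.2.40": [53, 53, 53],                     # too few samples to judge
}
SAMPLE_LINES = [f"{ip} {port}" for ip, ports in CONSTRUCTED.items() for port in ports]

if __name__ == "__main__":
    for ip, (verdict, sd) in audit(SAMPLE_LINES).items():
        print(ip, verdict, "n/a" if sd is None else f"{sd:.1f}")
```

Standard deviation is a coarse indicator: a low value flags static or sequential ports, but a high value alone does not prove the ports are unpredictable.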