[nsp-sec] List of vulnerable DNS resolvers

Mike Palladino mpalladino at internap.com
Tue Jul 22 20:24:38 EDT 2008


Hi Niels,

Thanks for providing all this data.

Ack for 6993, 10910, 10911, 10912, 10913, 11855, 12178, 12180, 12181, 
12182, 13789, 13790, 13791, 13890, 14742, 14743, 14744, 14745, 15570, 
17565, 19024, 22212, 24246, 242495, 30282, and 30637.

Thanks,
-Mike

--------------------------------------------------------------------------
Mike Palladino, CCDP, CCNP              Internap Network Operations Center
Manager, Network Operations Center
                                         NOC: 1.877.THE.INOC
Email: mpalladino at internap.com          Email: noc at internap.com

    *The contents of this email message are confidential and proprietary*
--------------------------------------------------------------------------


On Tue, 22 Jul 2008, Niels Provos wrote:

> ----------- nsp-security Confidential --------
>
> Hi,
>
> as you know, the DNS flaw was leaked yesterday. At the moment, ~70%
> of all resolvers on the Internet use static or trivially predictable
> source ports. These resolvers/NAT devices need to be patched as soon
> as possible. The CERT reference for this flaw can be found at:
>
> http://www.kb.cert.org/vuls/id/800113
>
> The flaw allows adversaries to inject almost arbitrary A or NS records
> on vulnerable resolvers, e.g. redirect traffic/proxy traffic of
> legitimate domains.
>
> You can find a list of vulnerable resolvers and corresponding AS numbers at:
>
> https://asn.cymru.com/nsp-sec/upload/1216767459.whois.txt
>
> These IP addresses are from recursive resolvers that showed very low
> standard-deviation (<200) in their source ports according to
> measurements conducted by David Dagon and myself over the last 7 days.
> I released a small Python tool that you can use to test your own
> resolver. You can download it from:
>
>  http://www.monkey.org/~provos/dnspredict.py
>
> Instructions on how to use the tool can be found here:
>
> http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html
>
> Please, let me know if you have any questions.
>
> Thank you,
> Niels.
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
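
The source-port check described in the quoted message (standard deviation below 200 counts as predictable), as an added example that is not part of the original e-mails and is not the code of dnspredict.py. The log format, the minimum sample count, the use of the population standard deviation and all sample observations are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

STDDEV_THRESHOLD = 200  # from the message: std-dev < 200 is treated as vulnerable
MIN_SAMPLES = 5         # assumption: give no verdict on fewer observations

# Constructed observations: UDP source ports of queries from each resolver,
# as they would be logged on an authoritative name server you operate.
SAMPLE_OBS = {
    "192.0.2.10": [53] * 6,                                    # static port
    "192.0.2.20": [32768, 32769, 32770, 32771, 32772, 32773],  # sequential
    "198.51.100.5": [1043, 60211, 23877, 45102, 9954, 51730],  # widely spread
    "203.0.113.7": [40000, 40001],                             # too few samples
}
SAMPLE_LOG = "\n".join(f"{ip} {p}" for ip, ps in SAMPLE_OBS.items() for p in ps)


def parse(log):
    """Group '<resolver-ip> <source-port>' lines by resolver address."""
    ports = defaultdict(list)
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, port = line.split()
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"invalid port in line: {line!r}")
        ports[ip].append(port)
    return ports


def classify(ports):
    """Return (verdict, std-dev) for one resolver's observed source ports."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient", None
    sd = statistics.pstdev(ports)
    return ("predictable" if sd < STDDEV_THRESHOLD else "randomized"), sd


def report(log):
    return {ip: classify(p) for ip, p in parse(log).items()}


if __name__ == "__main__":
    for ip, (verdict, sd) in report(SAMPLE_LOG).items():
        print(ip, verdict, "n/a" if sd is None else f"{sd:.1f}")
```

A static port and a sequentially incrementing port both fall far below the threshold, which is why one cut-off on the standard deviation catches both patterns.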


