[nsp-sec] List of vulnerable DNS resolvers
Gabriel Iovino
giovino at ren-isac.net
Tue Jul 22 22:52:43 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ACK the following:
https://asn.cymru.com/nsp-sec/upload/1216781011.whois.txt
~1040 IPs.
To any EDUs that are NSP-SEC members and received a notification from
us, I apologize for the duplication.
Niels, thanks for the hard work, we appreciate it :)
Gabe
Niels Provos wrote:
| ----------- nsp-security Confidential --------
|
| Hi,
|
| as you know, the DNS flaw was leaked yesterday. At the moment, ~70%
| of all resolvers on the Internet use static or trivially predictable
| source ports. These resolvers/NAT devices need to be patched as soon
| as possible. The CERT reference for this flaw can be found at:
|
| http://www.kb.cert.org/vuls/id/800113
|
| The flaw allows adversaries to inject almost arbitrary A or NS records
| on vulnerable resolvers, e.g. redirect traffic/proxy traffic of
| legitimate domains.
|
| You can find a list of vulnerable resolvers and corresponding AS
numbers at:
|
| https://asn.cymru.com/nsp-sec/upload/1216767459.whois.txt
|
| These IP addresses are from recursive resolvers that showed very low
| standard-deviation (<200) in their source ports according to
| measurements conducted by David Dagon and myself over the last 7 days.
| I released a small Python tool that you can use to test your own
| resolver. You can download it from:
|
| http://www.monkey.org/~provos/dnspredict.py
|
| Instructions on how to use the tool can be found here:
|
| http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html
|
| Please, let me know if you have any questions.
|
| Thank you,
| Niels.
|
|
| _______________________________________________
| nsp-security mailing list
| nsp-security at puck.nether.net
| https://puck.nether.net/mailman/listinfo/nsp-security
|
| Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
| community. Confidentiality is essential for effective Internet
security counter-measures.
| _______________________________________________
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkiGnPsACgkQwqygxIz+pTvf1gCffMzL+yPtm8XJhanzu3dpZJSw
qjEAnjSUi49FK7CMsNW9+ZlGNQfPemWC
=SpxQ
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list