[nsp-sec] List of vulnerable DNS resolvers

Zoe O'Connell zoe at hotchilli.com
Wed Jul 23 04:50:02 EDT 2008 

ACK AS8419, thanks

On 23/07/2008 09:44, Lars Michael Jogback wrote:
> ----------- nsp-security Confidential --------
>
> ACK 1257
>
> * Niels Provos <niels at google.com> [2008-07-22 16:11:49]:
>
>   
>> ----------- nsp-security Confidential --------
>>
>> Hi,
>>
>> as you know, the DNS flaw was leaked yesterday.   At the moment, ~70%
>> of all resolvers on the Internet use static or trivially predictable
>> source ports.   These resolvers/NAT devices need to be patched as soon
>> as possible.   The CERT reference for this flaw can be found at:
>>
>>  http://www.kb.cert.org/vuls/id/800113
>>
>> The flaw allows adversaries to inject almost arbitrary A or NS records
>> on vulnerable resolvers, e.g. redirect traffic/proxy traffic of
>> legitimate domains.
>>
>> You can find a list of vulnerable resolvers and corresponding AS numbers at:
>>
>>  https://asn.cymru.com/nsp-sec/upload/1216767459.whois.txt
>>
>> These IP addresses are from recursive resolvers that showed very low
>> standard-deviation (<200) in their source ports according to
>> measurements conducted by David Dagon and myself over the last 7 days.
>>  I released a small Python tool that you can use to test your own
>> resolver.   You can download it from:
>>
>>   http://www.monkey.org/~provos/dnspredict.py
>>
>> Instructions on how to use the tool can be found here:
>>
>>  http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html
>>
>> Please, let me know if you have any questions.
>>
>> Thank you,
>>  Niels.
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security counter-measures.
>> _______________________________________________
>>     
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>

More information about the nsp-security mailing list