[nsp-sec] ACK 2119/8434 List of vulnerable DNS resolvers

[bjorn.jensen at telenor.com]

ack for 2119 and 8434
Thank you for the information.

/ Bjorn


________________________________________
Fra: nsp-security-bounces at puck.nether.net [nsp-security-bounces at puck.nether.net] på vegne av Niels Provos [niels at google.com]
Sendt: 23. juli 2008 01:11
Til: nsp-security at puck.nether.net
Emne: [nsp-sec] List of vulnerable DNS resolvers

----------- nsp-security Confidential --------

Hi,

as you know, the DNS flaw was leaked yesterday.   At the moment, ~70%
of all resolvers on the Internet use static or trivially predictable
source ports.   These resolvers/NAT devices need to be patched as soon
as possible.   The CERT reference for this flaw can be found at:

 http://www.kb.cert.org/vuls/id/800113

The flaw allows adversaries to inject almost arbitrary A or NS records
on vulnerable resolvers, e.g. redirect traffic/proxy traffic of
legitimate domains.

You can find a list of vulnerable resolvers and corresponding AS numbers at:

 https://asn.cymru.com/nsp-sec/upload/1216767459.whois.txt

These IP addresses are from recursive resolvers that showed very low
standard-deviation (<200) in their source ports according to
measurements conducted by David Dagon and myself over the last 7 days.
 I released a small Python tool that you can use to test your own
resolver.   You can download it from:

  http://www.monkey.org/~provos/dnspredict.py

Instructions on how to use the tool can be found here:

 http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html

Please, let me know if you have any questions.

Thank you,
 Niels.


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________