That sure seems like a lot of work when you could just: dig porttest.dns-oarc.net txt +short @server-ip
For example: $ dig porttest.dns-oarc.net txt +short @217.151.171.7 z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. "217.151.171.7 is GOOD: 26 queries in 3.9 seconds from 26 ports with std dev 19886.66" Notice the word "GOOD" in the output. Also notice the standard deviation shown at the end - you want 5 digits before the decimal point. Chris Buxton Professional Services Men & Mice On Jul 25, 2008, at 10:24 PM, Brian Keefer wrote: > On Jul 25, 2008, at 5:48 PM, Gregory Hicks wrote: > >>> Date: Fri, 25 Jul 2008 20:36:50 -0400 >>> From: [EMAIL PROTECTED] >>> To: "[email protected]" >> <[email protected]> >>> Subject: dns exploit >>> >>> Silly question, how do I tell If Im vulnerable to the dns exploit? >> >> Run attached against your name server thusly: (You need perl...) >> >> noclicky <ns> >> --------------------------------------------------------------------- >> Gregory Hicks | Principal Systems Engineer >> Cadence Design Systems | Direct: 408.576.3609 >> 555 River Oaks Pkwy M/S 9B1 >> San Jose, CA 95134 > > Hello, > > It looks like the listserv ate the attachment, so I'm not sure if the > version you sent was patched to work since Dan has changed his page > (I'd like to assume it is, but you know what assuming does...) The > original noclicky wasn't written to parse the date header that Dan > added to the output, so if you're still using the original it will > _falsely_ report that you're safe. > > I've written an updated patch for noclicky-1.00.pl that you can find > at http://www.SMTPS.net/issues/patches.html , also pasted below. > Apply by doing saving this file to the same directory as > noclicky-1.00.pl and doing: > $ patch -p0 <02-noclicky.patch > > (included inline for the lazy, or the fearful of DNS cache poisoning > against my site) > > --- noclicky-1.00.pl Fri Jul 25 21:15:04 2008 > +++ noclicky-1.00p2.pl Fri Jul 25 22:11:09 2008 > @@ -1,7 +1,7 @@ > #!/usr/bin/perl > # vim:set ts=4 sw=4 ai et: > # > -# noclicky.pl, version 1.00 > +# noclicky.pl, version 1.00p2 > # > # A command line ("non-clicky") client to query the toorrr.com > service to > # determine if a given nameserver is vulnerable to CERT > Vulnerability Note > @@ -24,6 +24,7 @@ > my @char = ("a" .. "z", 0 .. 9); > my $session = join "", map { $char[rand @char] } (1 .. 12); > my $domain = "$session.toorrr.com"; > +my $nodata = 0; > > sub lookup > { > @@ -64,10 +65,23 @@ > my %ports; > for my $data (@data) > { > - chomp($data); > - my ($ip, $port, $txid) = split "-", $data; > - print " $ip:$port TXID=$txid\n"; > - $ports{$port} = 1; > + if ($data =~ /^(?:\d{1,3}\.){3}\d{1,3}-\d{2,5}-\d+$/) { > + chomp($data); > + my ($ip, $port, $txid) = split "-", $data; > + print " $ip:$port TXID=$txid\n"; > + $ports{$port} = 1; > + } else { > + if (++$nodata > 1) { > + # Brian Keefer -- chort AT smtps DOT net > + die '##############################################' . > "\n" . > + '# Uh oh, that\'s not what we were expecting! #' . > "\n" . > + '# Dan Kaminksy must have changed his website #' . > "\n" . > + '# again, please check: #' . > "\n" . > + '#> http://www.SMTPS.net/issues/patches.html <#' . > "\n" . > + '# for a patch. #' . > "\n" . > + '##############################################' . > "\n\n"; > + } > + } > } > > if (keys %ports == 1) { > > > Hopefully that's right, but I am pretty sleepy... I did test both > expected and unexpected data... > > Brian Keefer > Sr. Systems Engineer > www.Proofpoint.com > "Defend email. Protect data." > > >
