Re: updating & checking DNS zone files

2008-07-08 Thread Stephane Bortzmeyer
On Sat, Jul 05, 2008 at 05:45:26PM -0700, Paul Bertain <[EMAIL PROTECTED]> wrote a message of 41 lines which said: > For incrementing your zone's serial number, I usually include zsu Do you work for the Russian army , which seems to win the Google race f

Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Buhrmaster, Gary
Multiple DNS implementations vulnerable to cache poisoning: http://www.kb.cert.org/vuls/id/800113 (A widely coordinated vendor announcement. As always, check with your vendor(s) for patch status.) Gary

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Jay R. Ashworth
On Tue, Jul 08, 2008 at 01:48:57PM -0700, Buhrmaster, Gary wrote: > Multiple DNS implementations vulnerable to cache poisoning: > > http://www.kb.cert.org/vuls/id/800113 > > (A widely coordinated vendor announcement. As always, > check with your vendor(s) for patch status.) Obligatory Slashdot

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Jay R. Ashworth
On Tue, Jul 08, 2008 at 07:20:05PM -0400, Jay R. Ashworth wrote: > Obligatory Slashdot link: > http://it.slashdot.org/article.pl?sid=08/07/08/195225 Additional coverage: http://news.cnet.com/8301-10789_3-9985815-57.html http://news.cnet.com/8301-10789_3-9985826-57.html ht

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Lynda
This is also being covered over on the Defcon Forums. Jeff Moss has said that he'll post the link to the interview that Kaminsky is doing right now, after it's over. Here's the link to the Forum discussion: https://forum.defcon.org/showthread.php?t=9547 The forum link also has a link to Dan's

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Owen DeLong
The tool, unfortunately, only goes after the server it thinks you are using to recurse from the client where you're running your browser. This makes it hard to test servers being used in production environments without GUIs. The tool is not Lynx compatible. Owen On Jul 8, 2008, at 5:12 PM, L

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Christian Koch
surely the tool is not focused at a dns operator/admin audience.. On Tue, Jul 8, 2008 at 8:20 PM, Owen DeLong <[EMAIL PROTECTED]> wrote: > The tool, unfortunately, only goes after the server it thinks you are using > to > recurse from the client where you're running your browser. > > This make

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Lynda
Owen DeLong wrote: The tool, unfortunately, only goes after the server it thinks you are using to recurse from the client where you're running your browser. This makes it hard to test servers being used in production environments without GUIs. The tool is not Lynx compatible. Figures. It's b

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Jeffrey Ollie
On Tue, Jul 8, 2008 at 8:26 PM, Lynda <[EMAIL PROTECTED]> wrote: > > Audio of Dan's press interview: > > https://media.blackhat.com/webinars/...conference.mp3 Actual URL: https://media.blackhat.com/webinars/blackhat-kaminsky-dns-press-conference.mp3 Jeff

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Jay R. Ashworth
On Tue, Jul 08, 2008 at 05:12:04PM -0700, Lynda wrote: > The forum link also has a link to Dan's tool, where you can see if your > DNS server is vulnerable. As a /.er noted, running that tool after *accessing it via DNS* may not tell you anything, and I don't know that Kaminsky has himself public

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Jimmy Hess
Christian Koch wrote: surely the tool is not focused at a dns operator/admin audience.. I suspect the tool's form might partly be meant to obscure exactly what patterns it is looking for. Kind of how one might release a vulnerability checker in binary form (but with source code intentionally

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Jean-François Mezei
Re: the tool My DNS server does not serve the outside world. Incoming packets to port 53 are NAT directed to a nonexistent IP on the LAN. The tool uses my internet facing IP as my DNS server and tells me I am vulnerable. Since, from the internet, connecting to that IP at port 53 will not get yo

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Chris Adams
Once upon a time, Jean-François Mezei <[EMAIL PROTECTED]> said: > The tool uses my internet facing IP as my DNS server and tells me I am > vulnerable. Since, from the internet, connecting to that IP at port 53 > will not get you to a DNS server, I find the tool's conclusion rather > without much va

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Michael C. Toren
On Tue, Jul 08, 2008 at 06:26:01PM -0700, Lynda wrote: > Owen DeLong wrote: > > The tool, unfortunately, only goes after the server it thinks you are > > using to recurse from the client where you're running your browser. > > > > This makes it hard to test servers being used in production > > envir