This is a discussion on Re: dns exploit - DNS ; Granted it's nice to have good, working tools. I'm just surprised that someone wrote a perl script to test this vulnerability when the dig test already existed. As for the different results, all I can say is that's pretty odd. ...
Granted it's nice to have good, working tools. I'm just surprised that
someone wrote a perl script to test this vulnerability when the dig
test already existed.
As for the different results, all I can say is that's pretty odd. I'd
like to know what ISC has to say about this.
Men & Mice
On Jul 25, 2008, at 11:02 PM, Brian Keefer wrote:
> On Jul 25, 2008, at 10:43 PM, Chris Buxton wrote:
>> That sure seems like a lot of work when you could just:
>> dig porttest.dns-oarc.net txt +short @server-ip
>> For example:
>> $ dig porttest.dns-oarc.net txt +short @22.214.171.124
>> z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b. a.pt.dns-oarc.net.
>> "126.96.36.199 is GOOD: 26 queries in 3.9 seconds from 26 ports with
>> std dev 19886.66"
>> Notice the word "GOOD" in the output. Also notice the standard
>> deviation shown at the end - you want 5 digits before the decimal
>> Chris Buxton
>> Professional Services
>> Men & Mice
> Trust me, I'm not trying to say this way is better, I'm just saying
> if you're going to use noclicky, make sure it's giving you the right
> results. Most people using noclicky probably already found the
> problem and fixed it on their own, but I just wanted to get the
> correction publicized for those who might be relying on it without
> understanding it. It seems a bit more polite to the author than to
> simply say "don't use that, it's broken". *shrug*
> Also, I noticed that doxpara/noclicky have different results for my
> nameservers than porttest.dns-oarc.net has. doxpara says I fail, dns-
> oarc.net says I pass. Looking at a tcpdump I see that the queries
> indeed use the same port for doxpara, but different ports for dns-
> oarc. I haven't had a chance to look closely enough yet to figure
> out why that is.
> Brian Keefer
> Sr. Systems Engineer
> "Defend email. Protect data."