nanog mailing list archives
Re: Multiple DNS implementations vulnerable to cache poisoning
From: Brian Keefer <chort () smtps net>
Date: Fri, 25 Jul 2008 02:28:53 -0700
On Jul 11, 2008, at 7:58 AM, Tuc at T-B-O-H.NET wrote:
Reading through the JavaScript that drives <http://www.doxpara.com/>,it appears to be pretty easy to write a non-AJAX client to query Dan's service. I threw one together in perl, named "noclicky", that allows you to use Dan's service against any nameserver specified on the command line. You can download a copy from <http://michael.toren.net/code/ noclicky/>.It looks like Dan changed what it returns, and noclicky 1.00 getsconfused. You can fix this, atleast until MCT comes out with a new version,by putting : my $date = shift @data; before the line : print "Requests seen for $domain:\n"; Tuc/TBOH
Sorry to necro this, but the original version will lead to a false sense of security and people might be finding it in the archives...
--- noclicky-1.00.pl Fri Jul 25 02:02:16 2008 +++ noclicky-1.01.pl Fri Jul 25 02:11:18 2008 @@ -64,10 +64,12 @@ my %ports; for my $data (@data) { - chomp($data); - my ($ip, $port, $txid) = split "-", $data; - print " $ip:$port TXID=$txid\n"; - $ports{$port} = 1; + if ($data =~ /^[1-9]/) { + chomp($data); + my ($ip, $port, $txid) = split "-", $data; + print " $ip:$port TXID=$txid\n"; + $ports{$port} = 1; + } } Thanks to Michael for the tool, though! Brian Keefer Sr. Systems Engineer www.Proofpoint.com "Defend email. Protect data."
Current thread:
- Re: Multiple DNS implementations vulnerable to cache poisoning, (continued)
- Re: Multiple DNS implementations vulnerable to cache poisoning Christian Koch (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jimmy Hess (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jean-François Mezei (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Chris Adams (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Michael C. Toren (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jean-François Mezei (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Simon Waters (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Tuc at T-B-O-H.NET (Jul 11)
- Re: Multiple DNS implementations vulnerable to cache poisoning Brian Keefer (Jul 25)
- Re: Multiple DNS implementations vulnerable to cache poisoning Joe Greco (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Lynda (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jeffrey Ollie (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 08)
- Re: Multiple DNS implementations vulnerable to cache poisoning Christopher Morrow (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Steven M. Bellovin (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Christopher Morrow (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Steven M. Bellovin (Jul 09)
- RE: Multiple DNS implementations vulnerable to cache poisoning Martin Hannigan (Jul 09)