Granted, it's nice to have good, working tools. I'm just surprised that someone wrote a Perl script to test this vulnerability when the dig test already existed.
As for the different results, all I can say is that's pretty odd. I'd like to know what ISC has to say about this.

Chris Buxton
Professional Services
Men & Mice

On Jul 25, 2008, at 11:02 PM, Brian Keefer wrote:

> On Jul 25, 2008, at 10:43 PM, Chris Buxton wrote:
>
>> That sure seems like a lot of work when you could just:
>>
>> dig porttest.dns-oarc.net txt +short @server-ip
>>
>> For example:
>>
>> $ dig porttest.dns-oarc.net txt +short @217.151.171.7
>> z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
>> "217.151.171.7 is GOOD: 26 queries in 3.9 seconds from 26 ports with
>> std dev 19886.66"
>>
>> Notice the word "GOOD" in the output. Also notice the standard
>> deviation shown at the end - you want 5 digits before the decimal
>> point.
>>
>> Chris Buxton
>> Professional Services
>> Men & Mice
>
> Trust me, I'm not trying to say this way is better, I'm just saying
> if you're going to use noclicky, make sure it's giving you the right
> results. Most people using noclicky probably already found the
> problem and fixed it on their own, but I just wanted to get the
> correction publicized for those who might be relying on it without
> understanding it. It seems a bit more polite to the author than to
> simply say "don't use that, it's broken". *shrug*
>
> Also, I noticed that doxpara/noclicky have different results for my
> nameservers than porttest.dns-oarc.net has. doxpara says I fail,
> dns-oarc.net says I pass. Looking at a tcpdump I see that the queries
> indeed use the same port for doxpara, but different ports for
> dns-oarc. I haven't had a chance to look closely enough yet to figure
> out why that is.
>
> Brian Keefer
> Sr. Systems Engineer
> www.Proofpoint.com
> "Defend email. Protect data."
