Re: [Efw-user] EFW & DNS cache poisoning flaw

Fri, 01 Aug 2008 07:11:47 -0700 


Mike Tremaine wrote:
> 
> 
> 
> I double checked the DNSmasq upgraded EFW I have deployed and did my 
> local patched server and the results from Doxpara come back the same. It 
> says it appears to be fine but to check this list and then shows some 
> port numbers [which do not seem to change by the way.]
> 
> Another test is to use dns-oarc.net
> 
> dig +short porttest.dns-oarc.net TXT
> 
> In windows you can use nslookup
>  > nslookup
>  > set type=txt
>  > porttest.dns-oarc.net
> 
> 
> As far as I can tell the new version of DNSmasq does help but remember 
> that it has to ask an upstream DNS server and word is that lots of ISP's 
> have failed to do the upgrade.
> 
> -Mike
> 
> 
> 


Hi,

Do you mean you get the same results with dnsmasq 2.43 as with the previous
version ?
I also ran the test from dns-oarc.net

I get strange results.

I tried with dnsmasq 2.43, but the quety times out, it tells me it can't
find the name server.
On the efw box, i killed dnsmasq, and launched it again, but without the
arguments from the rc file.
#killall dnsmasq && dnsmasq


If I run this from my primary dns:
#dig +short porttest.dns-oarc.net TXT
It tells me my dns security is POOR
"x.y.z.w is POOR: 26 queries in 5.0 seconds from 26 ports with std dev 7"


But if i try
#dig @firewall +short porttest.dns-oarc.net TXT
"208.69.34.8 is GREAT: 26 queries in 4.0 seconds from 26 ports with std dev
19093"
(@firewall is my efw)
I think 208.69.34.8 must belong to openDNS.
So I'm a bit confused, i tried to forward the dns queries to my efw, but it
doesn't make the trick.

By the way, I replaced my isp's dns with  the openDNS servers, since my isp
didn't seem to have patched their servers (according to the tests I ran
yesterday).

Any idea ?

-- 
View this message in context: 
http://www.nabble.com/EFW---DNS-cache-poisoning-flaw-tp18771635p18775177.html
Sent from the efw-user mailing list archive at Nabble.com.


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user






















					Reply via email to