Hi everyone,
I did an scan on my DNS using Internet Scanner and the following vulnerability was
reported:
dns-badseq (198) Low Risk
A reply with a bad sequence to a DNS server has been made
Description:
An attempt to send a reply to a DNS (Domain Name System) server with a bad sequence
number has been made. DNS servers should not accept out of
sequence replies.
Platforms Affected:
DNS Any version
Remedy:
Update your DNS server.
I believe this vulnerability implies that the DNS server is susceptible to DNS cache
poisoning i.e. make a DNS query to the DNS server and then flood the DNS server with
spoofed replies. Am I right?
I would like to verify to see if it's a false positive. In order to do that I need to
understand how Internet Scanner checked for this vulnerability e.g. sent DNS query for
www.xxx.com, flood DNS with DNS reply for www.xxx.com, check reply from DNS server to
see if it is the 'poisoned' entry.
Please correct me if I'm wrong but I don't think Internet Scanner allows me to check
how it probes for vulnerabilities. If so, can some one enlighten me how can I verify
this? Does anyone know how Internet Scanner check for this vulnerability? Using a
sniffer is one way but it's way too troublesome for a non-technical person.
Thanks.
soon hin
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup
Meet Singles
http://corp.mail.com/lavalife
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
