On Jul 9, 2008, at 4:53 AM, Rod Whitworth wrote:
> # tcpdump -nettti rl0 dst port 53
> tcpdump: listening on rl0, link-type EN10MB
> Jul 09 19:48:27.786683 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 70:
> 192.168.80.4.16284 > 192.168.80.1.53: 57120+ A? pps.com.au. (28)
> Jul 09 19:48:43.690332 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 67:
> 192.168.80.4.1356 > 192.168.80.1.53: 32536+ A? ibm.com. (25)
> Jul 09 19:49:11.013223 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 69:
> 192.168.80.4.14540 > 192.168.80.1.53: 29420+ A? intel.com. (27)
> ....
> # uname -a
> OpenBSD master.witworx.com 4.3 GENERIC#698 i386
> Guess again.
> Was that so hard to try?

I get a different result using the external interface of my caching
name server, and mine looks vulnerable.
frank# tcpdump -nettti em1 dst port 53
tcpdump: listening on em1, link-type EN10MB
Jul 09 05:54:23.291421 00:0f:1f:04:8c:36 00:02:b9:38:23:f0 0800 82:
xx.xx.9.35505 > 205.177.95.83.53: 27972 A? a1397.g.akamaitech.net. (40)
Jul 09 05:54:25.814869 00:0f:1f:04:8c:36 00:02:b9:38:23:f0 0800 86:
xx.xx.95.9.35505 > 75.126.144.219.53: 58999% [1au] A? www.virg9lio.it.
(44)
Jul 09 05:54:25.862953 00:0f:1f:04:8c:36 00:02:b9:38:23:f0 0800 87:
xx.xx.95.9.35505 > 75.126.144.219.53: 2869% [1au] A? www.virgbilio.it.
(45)
Jul 09 05:54:35.864421 00:0f:1f:04:8c:36 00:02:b9:38:23:f0 0800 87:
xx.xx.95.9.35505 > 75.126.217.184.53: 43066% [1au] A?
www.virgbilio.it. (45)
Jul 09 05:54:42.188507 00:0f:1f:04:8c:36 00:02:b9:38:23:f0 0800 102:
xx.xx.95.9.35505 > 216.239.36.10.53: 20026% [1au] A?
safebrowsing.clients.google.com. (60)
Jul 09 05:54:42.214185 00:0f:1f:04:8c:36 00:02:b9:38:23:f0 0800 91:
xx.xx.95.9.35505 > 64.233.167.9.53: 29212% [1au] A?
clients.l.google.com. (49)
Jul 09 05:54:42.347093 00:0f:1f:04:8c:36 00:02:b9:38:23:f0 0800 85:
xx.xx.95.9.35505 > 198.105.192.254.53: 9616% [1au] A? log.wip.go.com.
(43)
Jul 09 05:54:42.678103 00:0f:1f:04:8c:36 00:02:b9:38:23:f0 0800 96:
xx.xx.95.9.35505 > 64.233.167.9.53: 17632% [1au] A?
static.cache.l.google.com. (54)
frank# uname -a
OpenBSD frank.placeholder.com 4.3 GENERIC#698 i386
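
Added example, not part of the original message: the two captures differ in the UDP source port of the outgoing queries (a new port per query in the first, 35505 every time in the second), and this Python sketch makes that comparison mechanical. The sample lines are constructed from the captures above, and the function names and the `min_queries` threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two captures above: tcpdump -n query
# lines with wrapping undone and timestamps/MACs dropped. 198.51.100.9 is a
# documentation address standing in for the redacted xx.xx.95.9.
SAMPLE = """\
192.168.80.4.16284 > 192.168.80.1.53: 57120+ A? pps.com.au. (28)
192.168.80.4.1356 > 192.168.80.1.53: 32536+ A? ibm.com. (25)
192.168.80.4.14540 > 192.168.80.1.53: 29420+ A? intel.com. (27)
198.51.100.9.35505 > 205.177.95.83.53: 27972 A? a1397.g.akamaitech.net. (40)
198.51.100.9.35505 > 75.126.144.219.53: 2869% [1au] A? www.virgbilio.it. (45)
198.51.100.9.35505 > 216.239.36.10.53: 20026% [1au] A? safebrowsing.clients.google.com. (60)
198.51.100.9.35505 > 64.233.167.9.53: 29212% [1au] A? clients.l.google.com. (49)
"""

# "<src ip>.<src port> > <dst ip>.53:" as printed by tcpdump -n
QUERY = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > \d+(?:\.\d+){3}\.53:")

def source_ports(text):
    """Return {source IP: [UDP source port of each DNS query seen]}."""
    ports = defaultdict(list)
    for line in text.splitlines():
        m = QUERY.search(line)
        if m:
            ports[m.group(1)].append(int(m.group(2)))
    return dict(ports)

def assess(text, min_queries=3):
    """Label each source 'fixed', 'varying' or 'too-few-queries'.

    'varying' only means the ports differ in this sample; it does not
    measure how unpredictable they are.
    """
    verdicts = {}
    for ip, ports in source_ports(text).items():
        if len(ports) < min_queries:
            verdicts[ip] = "too-few-queries"
        elif len(set(ports)) == 1:
            verdicts[ip] = "fixed"
        else:
            verdicts[ip] = "varying"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in assess(SAMPLE).items():
        print(ip, verdict, sorted(set(source_ports(SAMPLE)[ip])))
```

The regular expression expects each packet on a single line, as tcpdump prints it before a mail client wraps the text.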