DNS Exposure

Thread: DNS Exposure

  1. #1
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378

    Question DNS Exposure

    http://www.enterpriseitplanet.com/se...le.php/3806986

    How would someone determine if the DNS servers they use are vulnerable to this flaw?
    In God We Trust....Everything else we backup.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Ron,

    Try this:

    https://www.dns-oarc.net/oarc/services/dnsentropy

    My take on it is that if you get "Great" as a rating you are not as vulnerable as you might be. Anything else and you certainly have problems.

    Also the vulnerability checker link on this site (needs Java?)

    http://www.dnsstuff.com/

    And Steve Gibson?

    https://www.grc.com/dns/dns.htm
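
Added example, not part of the thread: a source-port entropy test such as the DNS-OARC one linked above judges a resolver by how unpredictable its query source ports and transaction IDs look from outside. The Python below applies that kind of check to constructed samples; the cut-offs, function names and sample values are assumptions of this example, not the scoring of any linked service.

```python
import statistics

# Cut-offs on the standard deviation, chosen for this example only (assumptions).
POOR_BELOW = 300
GREAT_FROM = 3000
ORDER = ["POOR", "GOOD", "GREAT"]

def assess(values):
    """Rate the unpredictability of a sequence of 16-bit values."""
    if len(values) < 2:
        raise ValueError("need at least two observations")
    stddev = statistics.pstdev(values)
    # A constant non-zero step (mod 2**16) makes the next value predictable
    # even when the values are spread widely.
    steps = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    fixed = len(set(values)) == 1
    stepped = len(steps) == 1 and not fixed
    if fixed or stepped or stddev < POOR_BELOW:
        rating = "POOR"
    elif stddev < GREAT_FROM:
        rating = "GOOD"
    else:
        rating = "GREAT"
    return {"rating": rating, "stddev": round(stddev), "distinct": len(set(values))}

def rate_resolver(queries):
    """queries: (source_port, transaction_id) pairs from one resolver, in arrival order."""
    ports = assess([p for p, _ in queries])
    txids = assess([t for _, t in queries])
    # The resolver is only as good as its weaker field.
    worst = min(ports["rating"], txids["rating"], key=ORDER.index)
    return {"rating": worst, "ports": ports, "txids": txids}

# Constructed observations (not captured traffic).
TXIDS = [51234, 907, 33881, 60412, 12077, 45190, 28563, 6021, 39944, 17708, 58830, 23355]
RANDOM_PORTS = [1834, 60211, 33017, 12908, 47755, 5120, 28644, 55302, 19473, 41006, 9267, 63590]
NARROW_PORTS = [40000, 41200, 40310, 42950, 40877, 43500, 41640, 40120, 42230, 43010, 41990, 40555]
FIXED_PORT = [53] * 12                                # one source port for every query
STRIDED_PORTS = [1024 + 2500 * i for i in range(12)]  # wide spread, constant step

if __name__ == "__main__":
    for name, ports in [("random", RANDOM_PORTS), ("narrow", NARROW_PORTS),
                        ("fixed", FIXED_PORT), ("strided", STRIDED_PORTS)]:
        print(name, rate_resolver(list(zip(ports, TXIDS))))
```

The strided sample is the case to watch: its standard deviation alone would pass, so the step check is what catches it.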

  3. #3
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Personally, I would just flat out ask hosting companies to move domains around for me.

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    OpenDNS tests great, as well as my ISP. I suspect most ISPs will test fine.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Banned
    Join Date
    Jan 2008
    Posts
    605
    "Something of this scale... go ahead and go out, say that there is all these issues and to spin up all this press and all this hype. And to ask everyone to patch with no good technical details... this... this is the mark of bull."

    -Dan Kaminsky at O'Reilly FOO Camp 2008.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    What Kaminsky actually said was (paraphrased):

    But I went out with no other hackers. And there was a lot of skepticism and there should have been. Because I've got to tell you -- something of this scale -- to go ahead and go out and say that there's all these issues and spin up all this press and all of this hype and ask everyone to patch with no good technical details. This is the mark of bull, this is -- it's so easy to make stuff up. If I'm doing it here, wouldn't anyone be able to do that?



    Now I eventually remediated this to some degree by bringing in some of my loudest detractors, pulling them aside getting a con call and saying alright, guys, here's the deal. And, to their credit, Tom Ptacek's credit, Dino Dai Zovi's credit, they (went) ahead and they went online and said, 'Oh my God, we're in trouble.' I think the exact quote is, "Dan's got the goods."


    Well, this is true. I kind of wish I didn't, 'cause it's a lot of responsibility, but yeah, I've got the goods. And on August 6, 2008 the goods are getting out. The bug is not going to last much longer. I don't even know if it's going to last until August 6th, frankly, based on the emails that I'm getting.



    So this is my request to all of you in the room and this is my request to everyone watching this video. The DNS bug is real. I am not messing around here. I am doing absolutely everything above and beyond what I ever thought was possible and a lot of people are cooperating well.


    We need to fix this. If it is a recursive nameserver that does lookups to names on the internet you must, must patch it, or you must, must decommission it.
    So I guess that he was referring to the "not invented here" or "why didn't I discover that?" syndrome which is not uncommon amongst academics, intellectuals, and highly specialised technicians.

    Actually, I found his comment and some of the initial reaction he got rather surprising. I would have thought that the last thing that someone trying to establish or maintain a reputation in the security field would want to do would be to put their name to something that could be proven to be a load of hysterical bullcrap?

    I certainly gave him the benefit of the doubt.
    Last edited by nihil; February 28th, 2009 at 08:16 AM.

  7. #7
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Yeah, ^that's^ a misquote.

    *Presses his hands against his screen to cover Nihil's post*
