http://www.enterpriseitplanet.com/se...le.php/3806986
How would someone determine if the DNS servers they use are vulnerable to this flaw?
Hi Ron,
Try this:
https://www.dns-oarc.net/oarc/services/dnsentropy
My take on it is that if you get "Great" as a rating you are not as vulnerable as you might be. Anything else and you certainly have problems.
Also the vulnerability checker link on this site (needs Java?)
http://www.dnsstuff.com/
And Steve Gibson? :lildevil:
https://www.grc.com/dns/dns.htm
Personally, I would just flat out ask hosting companies to move domains around for me.
OpenDNS tests great, as well as my ISP. I suspect most ISPs will test fine.
"Something of this scale... go ahead and go out, say that there is all these issues and to spin up all this press and all this hype. And to ask everyone to patch with no good technical details... this... this is the mark of bull."
-Dan Kaminsky at O'Reilly FOO Camp 2008.
What Kaminsky actually said was (paraphrased):
So I guess that he was referring to the "not invented here" or "why didn't I discover that?" syndrome which is not uncommon amongst academics, intellectuals, and highly specialised technicians.
Quote:
But I went out with no other hackers. And there was a lot of skepticism and there should have been. Because I've got to tell you -- something of this scale -- to go ahead and go out and say that there's all these issues and spin up all this press and all of this hype and ask everyone to patch with no good technical details. This is the mark of bull, this is -- it's so easy to make stuff up. If I'm doing it here, wouldn't anyone be able to do that?
Now I eventually remediated this to some degree by bringing in some of my loudest detractors, pulling them aside getting a con call and saying alright, guys, here's the deal. And, to their credit, Tom Ptacek's credit, Dino Dai Zovi's credit, they (went) ahead and they went online and said, 'Oh my God, we're in trouble.' I think the exact quote is, "Dan's got the goods."
Well, this is true. I kind of wish I didn't, 'cause it's a lot of responsibility, but yeah, I've got the goods. And on August 6, 2008 the goods are getting out. The bug is not going to last much longer. I don't even know if it's going to last until August 6th, frankly, based on the emails that I'm getting.
So this is my request to all of you in the room and this is my request to everyone watching this video. The DNS bug is real. I am not messing around here. I am doing absolutely everything above and beyond what I ever thought was possible and a lot of people are cooperating well.
We need to fix this. If it is a recursive nameserver that does lookups to names on the internet you must, must patch it, or you must, must decommission it.
Actually, I found his comment and some of the initial reaction he got rather surprising. I would have thought that the last thing that someone trying to establish or maintain a reputation in the security field would want to do would be to put their name to something that could be proven to be a load of hysterical bullcrap?
I certainly gave him the benefit of the doubt :)
Yeah, ^that's^ a misquote.
*Presses his hands against his screen to cover Nihil's post*