[YLUG] DNS vulnerability - your ISP

Tom Hayward nessieliberation at gmail.com
Thu Aug 14 15:20:34 UTC 2008 

2008/8/1 mike cloaked <mike.cloaked at gmail.com>:
> On Fri, Aug 1, 2008 at 10:01 AM, Matthew Gates <matthew at porpoisehead.net> wrote:
>> I've been using openDNS for a little while now.  They check out just fine
>> according to the site Mike posted (GREAT randomness for both source ports
>> and transaction ports).
>>
>> I was curious about the ones which BT provide via their broadband deal, so I
>> told my router to use them and then took the test.  Source ports
>> were "POOR", although transactions ports were "GREAT".
>
> Interesting and worrying !
>
> I can also post a few other useful urls:
>
> http://member.dnsstuff.com/pages/tools.php?ptype=free
> Click on Test Now - and this does another test.

Tiscali's own dns gets good across the board on that test



> Also there is a lot more information at
> http://marc.info/?l=bind-users&m=121754031625416&w=2
> and
> http://groups.google.com/group/comp.protocols.dns.bind/msg/b6c67170b468d693
>
> I also note that my brother started seeing some strange lines in his
> logs a few days ago that had kaminsky specifically in the name, but I
> have just discovered that:
> " client 149.20.56.10#10053: query:
>> not-an-attack.dan-kaminsky.browse-deluvian.doxpara.com IN ANY +
>>
>> The ip address goes back to isc.org so just wondering if there is a spider
>> of sorts running to determine whose name server is running what version or
>> something.
>
> yes, isc is supporting several dns spiders who are measuring the population
> of patched vs. unpatched, and measuring for poison injections."
>
> This was from the "bind-users" list... so the "not-an-attack... etc"
> kaminsky reference is in fact a monitor spider set up at doxpara and
> not a dns attack at all - which is re-assuring!  However yesterday my
> brother placed an ip address block in his firewall so that these went
> into a black hole - he was getting them about every 10 minutes!
>
> --
> mike
>
> _______________________________________________
> York mailing list
> York at lists.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/york
>

More information about the York mailing list