[AusNOG] DNS Cache Poisoning Vulnerability
Noel Butler
noel.butler at ausics.net
Fri Aug 8 10:17:35 EST 2008
On Fri, 2008-08-08 at 09:36, Craig Askings wrote:
> Hi Brent,
>
> There are two parts to the cache poisoning vulnerability, lack of source
> port randomisation and poor transaction ID randomisation.
>
> Those servers have been patched to fix the transaction ID randomisation
> problem, but not the source port issue. Some tools test both, some don't.
> But having both fixed is ideal.
>
> If anyone has found source port randomisation patch for Bind 9.2 please
> contact me of list.
>
EH? 9.2 was EOL last September
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20080808/a2fe4eef/attachment.html>
More information about the AusNOG
mailing list