From: Mike Tremaine <mgt-DY+kYuDXiUrz68fS/h/p8A <at> public.gmane.org>
Subject: Re: EFW & DNS cache poisoning flaw
Newsgroups: gmane.comp.security.firewalls.efw.user
Date: Friday 1st August 2008 13:43:51 UTC (over 8 years ago)
sysucl wrote:
> Hello everyone,
> 
> My LAN is behind an Endian firewall box (v.1.1). I upgraded my local DNS
> servers (bind9) to prevent DNS cache poisoning.
> My local DNS are configured to forward to OpenDNS servers for the "outside"
> servers.
> 
> When I perform a test (e.g. on doxpara website), it seems that I'm still
> vulnerable.
> I browsed this forum and upgraded dnsmasq to version 2.43, but it doesn't
> seem to fix my problem.
> It seems that the EFW box cancels the benefit of random UDP source ports on
> the bind9 servers.
> 
> Can anyone help me with this issue?
> Thanks
> 
> PS: I can upgrade to a newer version of EFW if necessary, but I want to be
> sure this will solve the problem, since it involves interrupting internet
> access for some time.
> 

I double-checked the DNSmasq-upgraded EFW I have deployed and my local
patched server, and the results from Doxpara come back the same. It says it
appears to be fine but to check this list, and then shows some port numbers
(which do not seem to change, by the way).

Another test is to use dns-oarc.net

dig +short porttest.dns-oarc.net TXT

In Windows you can use nslookup:
 > nslookup
 > set type=txt
 > porttest.dns-oarc.net


As far as I can tell the new version of DNSmasq does help, but remember
that it has to ask an upstream DNS server, and word is that lots of ISPs
have failed to do the upgrade.

-Mike
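The porttest query above judges a resolver by how spread out its outbound UDP source ports are; the same check can be run on a packet capture taken on each side of the firewall, which is how you would confirm the poster's suspicion that NAT is rewriting randomized ports into a predictable sequence. The script below is an added example written for this thread, not code from the original posts or from dns-oarc; the two port lists are constructed sample data, and the GOOD/POOR thresholds are assumptions for the example rather than dns-oarc's published rule.

```python
import statistics

# Constructed sample data (not from the thread): UDP source ports a resolver
# used for a batch of queries, as read from a capture on each side of a NAT
# firewall. The inside view is randomized; the upstream view is what a NAT
# device that hands out ports sequentially would expose to the internet.
PORTS_BEHIND_FIREWALL = [53021, 14892, 60517, 22049, 39876, 7183, 51204, 28670,
                         45331, 11958, 63402, 33015, 19740, 57268, 40129, 24863]
PORTS_SEEN_UPSTREAM = [32768, 32769, 32770, 32771, 32772, 32773, 32774, 32775,
                       32776, 32777, 32778, 32779, 32780, 32781, 32782, 32783]


def port_randomness(ports):
    """Summarise how spread out a sample of UDP source ports is.

    Returns the query count, the number of distinct ports, the population
    standard deviation, and how many consecutive queries moved by exactly +1
    (the signature of sequential port allocation by a NAT device).
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed ports")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    return {
        "queries": len(ports),
        "distinct": len(set(ports)),
        "stdev": round(statistics.pstdev(ports), 1),
        "sequential_steps": sum(1 for d in deltas if d == 1),
    }


def verdict(ports, min_stdev=5000.0):
    """Rough GOOD/POOR classification in the spirit of porttest's output.

    The thresholds (half the queries must use distinct ports, no more than a
    quarter of the steps may be +1, spread must exceed min_stdev) are
    assumptions chosen for this example, not dns-oarc's scoring.
    """
    stats = port_randomness(ports)
    if stats["distinct"] < stats["queries"] // 2:
        return "POOR"
    if stats["sequential_steps"] > stats["queries"] // 4:
        return "POOR"
    if stats["stdev"] < min_stdev:
        return "POOR"
    return "GOOD"


if __name__ == "__main__":
    for label, sample in (("inside firewall", PORTS_BEHIND_FIREWALL),
                          ("seen upstream", PORTS_SEEN_UPSTREAM)):
        print(label, verdict(sample), port_randomness(sample))
```

If the inside capture scores GOOD and the upstream capture scores POOR, the resolver upgrade is working and the firewall's NAT is the component that needs fixing (or bypassing for port 53 traffic); if both score POOR, the resolver itself is still not randomizing.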
