[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Geoffrey Sisson
geoff at panix.com
Wed Jul 30 00:10:38 UTC 2008
vixie at isc.org (Paul Vixie) wrote:
> (noting that dave presotto told me he has changed "l.google.com" to stop
> stripping the 0x20 bits, which was the only truly scary outlier for 0x20.)
Sometime in the last few hours [a-h].l.google.com began stripping
0x20 from replies again:
------------------------ Begin included text ------------------------
; <<>> DiG 9.5.1b1 <<>> @a.l.google.com. wwW.L.GoOgLe.Com.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14314
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.l.google.com. IN A
;; ANSWER SECTION:
www.l.google.com. 300 IN A 74.125.19.104
www.l.google.com. 300 IN A 74.125.19.99
www.l.google.com. 300 IN A 74.125.19.103
www.l.google.com. 300 IN A 74.125.19.147
;; Query time: 48 msec
;; SERVER: 209.85.139.9#53(209.85.139.9)
;; WHEN: Tue Jul 29 17:02:59 2008
;; MSG SIZE rcvd: 98
------------------------- End included text -------------------------
They had been fine previously.
Geoff
More information about the dns-operations
mailing list