[dns-operations] AT&T DNS Cache Poisoning?

bert hubert bert.hubert at netherlabs.nl
Sun Oct 28 05:55:49 UTC 2012


On Sat, Oct 27, 2012 at 06:11:32PM -0700, David Conrad wrote:
> On Oct 27, 2012, at 1:37 PM, Robert Edmonds <edmonds at isc.org> wrote:
> > i don't think it's cache poisoning.  note that there are two out-of-zone
> > nameservers for ben.edu:
> ...
> > and that bobbroadband.com was updated recently,
> 
> Good catch! Makes sense.  I checked the history on ben.edu but didn't think to check the rest of the delegation tree. D'oh.

Thus continuing the trend that all purported cache poisonings observed have
been registry hacks.

It appears that source port randomization works. 

Probably the only vulnerable servers are those behind NAT that derandomizes
the source port. But important servers are unlikely to suffer from network
address translation.

	Bert




More information about the dns-operations mailing list