Captive Stopped

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Tue Jul 22 18:11:51 UTC 2008


Hi,

	Vulnerability Note VU#800113
Multiple DNS implementations vulnerable to cache poisoning

http://www.kb.cert.org/vuls/id/800113

	Any recursive DNS that hasn't been patched in July 2008
is most likely vulnerable to it. 

	Hrm, it seems like the date of the fun has been moved up
to TONITE. Apparently the exploit is already in the wild as of last
nite. On the blog of the person that found it (http://www.doxpara.com):

13>0

Patch.  Today.  Now. Yes, stay late.  Yes, forward to OpenDNS if you have to.  
(They're ready for your traffic.)  Thank you to the many of you who already have.



		Tuc
> 
> To be safe, what "DNS fun" are you referring to, Tuc?
> 
> On Tue, Jul 22, 2008 at 1:36 PM, Tuc at T-B-O-H.NET <ml at t-b-o-h.net> wrote:
> > Hi,
> >
> >        Its a double edged sword though. If the unit reboots and
> > doesn't get the information immediately, then it never will. We
> > found that paying attention to the DNS and making sure it never
> > had to remotly look it up resolved it 90% of the way. The other
> > 10 % is just the fact that if it doesn't get it, it will in
> > the next hour.
> >
> >        Speaking of DNS, hopefully everyone is ready for the
> > DNS fun on Aug 7th. If anyone needs help patching/testing, lemme
> > know. Otherwise, will be interesting to see all the fun people
> > have on Aug 7th!
> >
> >                Tuc
> >>
> >> Hmmm, I'll test it....
> >>
> >> And I post the results here....
> >>
> >>
> >> Em Ter, 2008-07-22 às 12:23 -0300, Marco Simioni escreveu:
> >> > nano /etc/init.d/chilli
> >> >
> >> > find the following row (nearly row 19)
> >> >
> >> > OPTS="--pidfile /var/run/$NAME.pid"
> >> >
> >> > and add the interval option like this
> >> >
> >> > OPTS="--pidfile /var/run/$NAME.pid --interval 0"
> >> >
> >> > Regards
> >> >
> >> > Marco
> >> >
> >> >
> >> >
> >> > 2008/7/22 Outback Dingo <outbackdingo at gmail.com>:
> >> > >
> >> > > Exactly how and where did you do this ? its worth testing
> >> > >
> >> > >> I had to disable automatic config reload and automatic DNS look-up,
> >> > >> adding the interval parameter to the startup script, and now the
> >> > >> problem has gone.
> >> > >
> >> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> > For additional commands, e-mail: chilli-help at coova.org
> > Wiki: http://coova.org/wiki/index.php/CoovaChilli
> > Forum: http://coova.org/phpBB3/viewforum.php?f=4
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
> 
> 




More information about the Chilli mailing list