Date: Wed, 09 Jul 2008 14:07:01 +0200
From: Matthias Geerdsen <vorlon@...too.org>
To: oss-security@...ts.openwall.com
Subject: DNS vulnerability: other relevant software
Hi,
looking at some of the DNS related software in our tree, I thought it
might be nice to keep track of any findings of affected and unaffected
packages...
So here is a start:
- posadis [1]:
has not seen an update since Dec 2004; I could not find any info on
port randomization etc., but considering the age it might probably have
other issues too.
- dnsmasq [2]:
no port randomization [3]
- pdnsd [4]:
no info yet
- MaraDNS [5]:
"MaraDNS uses a strong secure RNG for both the query (16 bits of
entropy) and the source port of the query (12 bits of entropy). This
makes spoofing replies to a MaraDNS server more difficult, since the
attacker has only a one in 250 million chance that a given spoofed reply
will be considered valid." [6]
- MyDNS [7]:
"MyDNS does not include recursive name service, nor a resolver library."
also this thread [8]
- DNRD [9]: "Uses random source port and random query ID's to prevent
cache poisoning."
Matthias
[1] <http://posadis.sourceforge.net/>
[2] <http://www.thekelleys.org.uk/dnsmasq/doc>
[3] <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002147.html>
[4] <http://www.phys.uu.nl/~rombouts/pdnsd/>
[5] <http://www.maradns.org/>
[6] <http://www.maradns.org/tutorial/man.maradns.html>
[7] <http://mydns.bboy.net/>
[8] <http://sourceforge.net/mailarchive/forum.php?thread_name=714ef0060807081802h4e52a70ak4f52e06c11e2abfe%40mail.gmail.com&forum_name=mydns-users>
[9] <http://dnrd.sourceforge.net/>
--
Matthias Geerdsen (vorlon)
Gentoo Linux Security Team
http://security.gentoo.org
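As an added example (not part of Matthias's message and not code from any of the projects listed), the following Python script applies the two criteria this list is built on. It inspects a sample of a resolver's outgoing queries for a fixed source port and for sequential transaction IDs, then works out the guessing space an attacker faces and how many spoofed replies would be needed for a 50% chance of one being accepted: 16 bits of transaction ID alone (the dnsmasq situation described in [3]) versus the 16 + 12 bits MaraDNS describes in [6]. The query observations are constructed for the example, not captured traffic.

```python
"""Check a resolver's outgoing queries for the weaknesses discussed in the
post (fixed source port, predictable transaction IDs) and quantify the
resulting spoofing odds.  Example code; the observations are constructed."""
import math

# Constructed observations: (source_port, transaction_id) per outgoing query.
# A resolver that binds one socket at startup sends every query from the
# same port, so only the 16-bit ID protects it.
FIXED_PORT_SAMPLE = [
    (35001, 0x3f1a), (35001, 0x9c02), (35001, 0x1e77), (35001, 0xb4d9),
    (35001, 0x7a20), (35001, 0x05c3), (35001, 0xe6f1), (35001, 0x48ab),
]

# Constructed observations from a resolver that randomizes both fields.
RANDOMIZED_SAMPLE = [
    (51233, 0x3f1a), (40117, 0x9c02), (62081, 0x1e77), (33490, 0xb4d9),
    (58872, 0x7a20), (44105, 0x05c3), (60313, 0xe6f1), (37760, 0x48ab),
]

# Constructed observations: random ports but a counter for the ID.
SEQUENTIAL_ID_SAMPLE = [
    (51233, 0x1000), (40117, 0x1001), (62081, 0x1002), (33490, 0x1003),
    (58872, 0x1004), (44105, 0x1005), (60313, 0x1006), (37760, 0x1007),
]


def analyze_queries(observations):
    """Return a list of weaknesses visible in the observed queries.

    Two checks: every query leaves from the same UDP source port, or the
    transaction IDs increase by one from query to query (mod 2^16).
    """
    ports = [port for port, _ in observations]
    txids = [txid for _, txid in observations]
    findings = []
    if len(observations) > 1 and len(set(ports)) == 1:
        findings.append("fixed source port")
    if len(txids) > 1 and all(
        (nxt - cur) & 0xFFFF == 1 for cur, nxt in zip(txids, txids[1:])
    ):
        findings.append("sequential transaction IDs")
    return findings


def keyspace(txid_bits=16, port_bits=0):
    """Number of (port, ID) combinations a forged reply must match.

    port_bits=0 models a fixed source port; MaraDNS claims 12 bits [6].
    """
    return 2 ** (txid_bits + port_bits)


def spoofed_replies_for_half_chance(space):
    """Forged replies needed so that at least one matches with p >= 0.5.

    Each reply hits with probability 1/space; solve 1-(1-1/space)^n >= 0.5.
    """
    return math.ceil(math.log(0.5) / math.log1p(-1.0 / space))


if __name__ == "__main__":
    for name, sample in [("fixed port", FIXED_PORT_SAMPLE),
                         ("randomized", RANDOMIZED_SAMPLE),
                         ("sequential IDs", SEQUENTIAL_ID_SAMPLE)]:
        print(f"{name:15s} findings: {analyze_queries(sample) or 'none'}")
    for label, bits in [("16-bit ID only", (16, 0)), ("16-bit ID + 12-bit port", (16, 12))]:
        space = keyspace(*bits)
        print(f"{label}: 1 in {space:,} per reply, "
              f"~{spoofed_replies_for_half_chance(space):,} replies for a 50% chance")
```

The 16 + 12 bit case gives a space of 2^28, about 268 million combinations, which is the "one in 250 million" figure quoted from the MaraDNS manual; with only the 16-bit ID the attacker's space collapses to 65,536, roughly four thousand times smaller. Note that a handful of samples can prove a port is fixed or an ID is a counter, but cannot by itself prove that a randomized field really uses the full range; the bit counts fed to keyspace() are the implementation's claim, not something the sample establishes.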