Multiple DNS implementations vulnerable to cache poisoning

Unanswered Question
Jul 24th, 2008

Guys , just checking on IronPort they do have DNS cache did they patch these and what release addressing the patch :

http://www.kb.cert.org/vuls/id/800113

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Doc_ironport Sat, 07/26/2008 - 22:42

As the advisory says, IronPort is not vulnerable to this problem.

However if you are using an upstream DNS server (rather than using the "root servers") and that upstream server (or it's upstream, etc) is vulnerable to this problem then it's still possible for your IronPort receive invalid data.

So please, if you're using an upstream DNS server please check with your ISP or whoever provides it to make sure that they are taking the relevant precautions to make sure they are not are vulnerable to this problem.

You can do a basic test to check if your upstream servers are vulnerable by running the following from your IronPort :
myironport> nslookup porttest.dns-oarc.net txt

TXT="63.251.57.82 is GOOD: 26 queries in 155.3 seconds from 26 ports with std dev 14911.47"
TTL=30m

If you get a POOR or FAIR then it means you've got a problem. If you get a GOOD it means that the last DNS server in the chain is OK, but any in the middle could still be vulnerable.

Actions

This Discussion