07-24-2008 10:57 AM
Guys , just checking on IronPort they do have DNS cache did they patch these and what release addressing the patch :
http://www.kb.cert.org/vuls/id/800113
07-24-2008 02:21 PM
Check this:
https://www.ironportnation.com/forums/viewtopic.php?t=948
07-26-2008 10:42 PM
As the advisory says, IronPort is not vulnerable to this problem.
However if you are using an upstream DNS server (rather than using the "root servers") and that upstream server (or it's upstream, etc) is vulnerable to this problem then it's still possible for your IronPort receive invalid data.
So please, if you're using an upstream DNS server please check with your ISP or whoever provides it to make sure that they are taking the relevant precautions to make sure they are not are vulnerable to this problem.
You can do a basic test to check if your upstream servers are vulnerable by running the following from your IronPort :
myironport> nslookup porttest.dns-oarc.net txt
TXT="63.251.57.82 is GOOD: 26 queries in 155.3 seconds from 26 ports with std dev 14911.47"
TTL=30m
If you get a POOR or FAIR then it means you've got a problem. If you get a GOOD it means that the last DNS server in the chain is OK, but any in the middle could still be vulnerable.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: