DNS vulnerable, any chance that a patch is being considered?



  • If you go here:  www.doxpara.com you can read details on a new DNS server security flaw that has been discovered, which pretty much covers ALL dns server implementations.

    Since there is not any discussion here in this forum on the issue, wanted to make sure that people were aware of it.  You can test your DNS server by going to the above web site, and clicking the "Test My DNS" buttton.  When I did so, it reported the following:

    Your name server, at 68.87.72.133, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 465.

    Please talk to your firewall or gateway vendor – all are working on patches, mitigations, and workarounds.
    Requests seen for 1a8906b78bf4.toorrr.com:
    68.87.72.133:25728 TXID=19664
    68.87.72.133:25700 TXID=46559
    68.87.72.133:25717 TXID=57231
    68.87.72.133:25461 TXID=4704
    68.87.72.133:25263 TXID=24983

    Well, pfsense.org is my firewall vendor, or as close as it gets.  I understand that it is made up of many open-source packages, so they are not responsible for the individual peices per se, but as a whole package I feel they are.  I would be happy to help beta-test any new fixes for this that the developers feel need to be made.  I am not sure if the port range notice is a setting in pfSense, or hard coded in the dns software that it uses.

    Sincerely,

    John Elliott



  • Can you be more specific which article you mean on this page?

    Or are you talking about this issue?
    http://blog.pfsense.org/?p=209
    http://blog.pfsense.org/?p=210



  • What GruensFroeschli linked is appropriate if you're using the DNS forwarder. If you're using the DNS forwarder, what it's reporting on is your ISP's DNS servers.


Log in to reply