On 7/9/2008 at 5:58 AM Steve Tornio wrote: |On Jul 9, 2008, at 4:53 AM, Rod Whitworth wrote: |> |> |> # tcpdump -nettti rl0 dst port 53 |> tcpdump: listening on rl0, link-type EN10MB |> Jul 09 19:48:27.786683 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 70: |> 192.168.80.4.16284 > 192.168.80.1.53: 57120+ A? pps.com.au. (28) |> Jul 09 19:48:43.690332 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 67: |> 192.168.80.4.1356 > 192.168.80.1.53: 32536+ A? ibm.com. (25) |> Jul 09 19:49:11.013223 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 69: |> 192.168.80.4.14540 > 192.168.80.1.53: 29420+ A? intel.com. (27) |> .... |> |> # uname -a |> OpenBSD master.witworx.com 4.3 GENERIC#698 i386 |> |> Guess again. |> |> Was that so hard to try? | |I get a different result using the external interface of my caching |name server, and mine looks vulnerable. [snip] |frank# uname -a |OpenBSD frank.placeholder.com 4.3 GENERIC#698 i386
============= fwiw, I used the test on the website (http://www.doxpara.com/) and my OpenBSD 4.3 named server was flagged as vulnerable.
