DNS doozy, is there a 6.5.22m fix for this?

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
nekonoko
Site Admin
Site Admin
Posts: 8139
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: DNS doozy, is there a 6.5.22m fix for this?

Unread postby nekonoko » Mon Sep 29, 2008 6:57 am

Ha, they changed it - even has pretty graphics! This is what I get now:

Code: Select all

   1. 64.81.247.28 (wadatsumi.nekochan.net) appears to have GREAT source port randomness and GREAT transaction ID randomness.


Of course, BIND has been updated a couple times since I last tested, so maybe that has something to do with it too.

http://entropy.dns-oarc.net/test/

... and:

Code: Select all

# dig +short txidtest.dns-oarc.net TXT
txidtest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"64.81.247.28 is GREAT: 26 queries in 0.4 seconds from 25 txids with std dev 19131"
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

User avatar
hamei
Posts: 10427
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: DNS doozy, is there a 6.5.22m fix for this?

Unread postby hamei » Mon Sep 29, 2008 8:17 am

nekonoko wrote:Ha, they changed it - even has pretty graphics! This is what I get now:

Code: Select all

   1. 64.81.247.28 (wadatsumi.nekochan.net) appears to have GREAT source port randomness and GREAT transaction ID randomness.

Oh poop. And I was winning until we got to the flag :(

SAQ
Posts: 5868
Joined: Wed Jul 19, 2006 8:37 am
Location: Renton, WA

Re: DNS doozy, is there a 6.5.22m fix for this?

Unread postby SAQ » Sat Mar 28, 2009 4:55 pm

No 6.5.22 fix, but they released a 6.5.28,29 &30 fix for this about a month and a half ago (forgot about it).

Patch 7228.

I wonder if you could force install on .22. I'd have to see what BIND changes SGI made since then, I guess.
"Brakes??? What Brakes???"

"I am O SH-- the Great and Powerful"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)

zuluchas
Donor
Donor
Posts: 270
Joined: Wed Jun 25, 2008 10:41 am
Location: Washington, DC, USA

Re: DNS doozy, is there a 6.5.22m fix for this?

Unread postby zuluchas » Sun Nov 15, 2009 11:07 am

BTW, Patch 7228 has been replaced by 7234 as of 6 Nov '09 and is available for dl from supportfolio. Good to see SGI's still giving some support!

I tried using sgisync to pick it up, but got no joy with version 0.64.

On an octane running 6.5.22 (unpatched), I had mixed results:

Code: Select all

charmed 1# dig +short txidtest.dns-oarc.net TXT
txidtest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"1.2.3.4 is GREAT: 26 queries in 2.7 seconds from 26 txids with std dev 17795"
charmed 2# uname -aR
IRIX64 charmed 6.5 6.5.22m 10070055 IP30
charmed 3# dig +short porttest.dns-oarc.net TXT
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"1.2.3.4 is POOR: 26 queries in 2.7 seconds from 26 ports with std dev 8"
charmed 4#


I won't get around to trying out this patch anytime soon, but hope it helps someone!
:A350R: :Onyx2: :4D220VGX: :Indigo: :Octane2: :O2: :Indigo2IMP: :O3x0: :Indy:


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest