DnsWhat : New DNS cache poisoning attack scanner
This tool’s functionality is twofold: (1) scan the designated network segment for active DNS servers and (2) sniff off the wire to determine whether DNS servers (localhost or on the local segment) are vulnerable to the new DNS cache poisoning attack.
This program is made for the purpose of sniffing off the wire in order to
determine whether DNS servers (localhost or on the local segment) are vulnerable to the new DNS cache poisoning attack.
The only strict requirement for this file is libpcap, which is used to sniff
for the appropriate host to test. Ideally, this file should be used locally on
the DNS server to be tested; but can also be performed remotely if the testing
system can reliably sniff the targets packets. If this test is being performed
remote from the target DNS server, the target DNS server *must* be set as the testing host’s nameserver (/etc/resolv.conf or otherwise).
Post scriptum
Compliance Mandates
|
Related Articles
Vulnerability Scanner |
|