DnsWhat : New DNS cache poisoning attack scanner

This tool’s functionality is twofold: (1) scan the designated network segment for active DNS servers and (2) sniff off the wire to determine whether DNS servers (localhost or on the local segment) are vulnerable to the new DNS cache poisoning attack.


The only strict requirement for this program is libpcap, which is used to sniff
for the appropriate host to test. Ideally, the program should be run locally on
the DNS server being tested, but the test can also be performed remotely if the
testing system can reliably sniff the target’s packets. If the test is performed
remotely from the target DNS server, the target DNS server *must* be set as the testing host’s nameserver (/etc/resolv.conf or otherwise).
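
As an added example (not DnsWhat's own code), the sketch below shows the kind of judgement a sniffing-based check can make once the server's outbound queries have been captured. The page does not state what the tool measures; this assumes the criterion is how unpredictable the UDP source ports of those queries are, and the function names, thresholds and sample packets are all constructed for illustration.

```python
import socket
import struct

def parse_outbound_query(pkt):
    """Return (src_ip, src_port) for an IPv4/UDP DNS query sent to port 53, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:    # IPv4 carrying UDP only
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 + 12:                              # UDP header + DNS header
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = struct.unpack("!H", pkt[ihl + 10:ihl + 12])[0]
    if dport != 53 or flags & 0x8000:                        # QR bit set means a response
        return None
    return socket.inet_ntoa(pkt[12:16]), sport

def assess(packets, resolver_ip, min_samples=5):
    """Judge the source-port spread of queries sent by resolver_ip (illustrative thresholds)."""
    parsed = map(parse_outbound_query, packets)
    ports = [q[1] for q in parsed if q and q[0] == resolver_ip]
    if len(ports) < min_samples:
        return "INSUFFICIENT DATA"
    steps = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    if len(set(ports)) == 1:
        return "VULNERABLE: fixed source port"
    if len(steps) == 1:
        return "VULNERABLE: sequential source ports"
    if len(set(ports)) < len(ports) * 0.8 or max(ports) - min(ports) < 1024:
        return "WEAK: low source-port spread"
    return "OK: source ports look randomized"

def make_query(src_ip, sport, txid, dst_ip="192.0.2.53"):
    """Build a constructed IPv4/UDP packet holding only a DNS header (checksums left zero)."""
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", sport, 53, 8 + len(dns), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(dns), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp + dns

# Constructed sample captures (documentation addresses), not real traffic.
FIXED = [make_query("192.0.2.10", 32768, t) for t in (11, 502, 9001, 40, 7777, 123)]
SPREAD = [make_query("192.0.2.10", p, t) for p, t in
          [(50211, 11), (1893, 502), (33410, 9001), (61002, 40), (12877, 7777), (27654, 123)]]

if __name__ == "__main__":
    print(assess(FIXED, "192.0.2.10"))
    print(assess(SPREAD, "192.0.2.10"))
```

When sniffing remotely, only queries whose source address is the target server count, which is why the target must be the testing host's nameserver: otherwise no queries from it are generated to observe.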

Post scriptum

Compliance Mandates

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

