The DNS server at IP address 126.96.36.199 is susceptible to a DNS cache poisoning attack. The server is not changing its source port, its query ID, or both, between queries. This makes it easier than average for an attacker to spoof responses to DNS queries from this server, causing the server to serve a potentially malicious DNS record in response to any query.
If you are not in control of your own DNS server, contact your DNS provider but do not be unduly concerned in the near term. IT administrators have only recently been apprised of this issue, and should have time to safely evaluate and deploy a fix.
| DNS Server Address | Query source port | Query ID |
Based on the results, the DNS server is vulnerable if the IPs AND the source ports match, or if the query IDs match. Matching query source ports or query IDs make it easier to spoof results to the DNS server, poisoning its cache.
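The rule above, applied to a set of observed queries, as an added example (not this tool's own code). The `Observation` type, the `assess` function and all sample values are constructed for illustration; the addresses are RFC 5737 documentation addresses.

```python
from collections import Counter
from typing import NamedTuple


class Observation(NamedTuple):
    server_ip: str    # address the resolver's query arrived from
    source_port: int  # UDP source port of that query
    query_id: int     # 16-bit DNS transaction ID


def assess(observations):
    """Vulnerable if one IP reuses a source port, or any query ID repeats."""
    # A port only counts as "matching" when the IP matches too.
    port_counts = Counter((o.server_ip, o.source_port) for o in observations)
    id_counts = Counter(o.query_id for o in observations)
    reused_ports = sorted(k for k, n in port_counts.items() if n > 1)
    reused_ids = sorted(k for k, n in id_counts.items() if n > 1)
    return {
        "vulnerable": bool(reused_ports or reused_ids),
        "reused_ports": reused_ports,
        "reused_ids": reused_ids,
    }


# Constructed samples: same IP and port for every query, IDs vary.
FIXED_PORT = [
    Observation("192.0.2.10", 53, 0x1A2B),
    Observation("192.0.2.10", 53, 0x9C01),
    Observation("192.0.2.10", 53, 0x44F0),
]
# Ports vary, but the query ID never changes.
FIXED_ID = [
    Observation("192.0.2.10", 40112, 0x1234),
    Observation("192.0.2.10", 51877, 0x1234),
]
# Port, and ID all differ between queries.
RANDOMIZED = [
    Observation("192.0.2.10", 40112, 0x1A2B),
    Observation("192.0.2.10", 51877, 0x9C01),
    Observation("192.0.2.10", 33906, 0x44F0),
]
# Same port seen from two different IPs: the IPs do not match, so no finding.
TWO_RESOLVERS = [
    Observation("192.0.2.10", 40001, 0x0001),
    Observation("192.0.2.11", 40001, 0x0002),
]

if __name__ == "__main__":
    for name in ("FIXED_PORT", "FIXED_ID", "RANDOMIZED", "TWO_RESOLVERS"):
        print(name, assess(globals()[name]))
```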
We encourage you to run DNSreport to make sure your DNS is configured properly. This comprehensive health check runs 55 tests against your domain, pinpoints the issue and offers mitigation steps on how to fix it. You can automate this report with DNSalerts – we will monitor your DNS around-the-clock and notify you via email if problems arise.
Note: This critical DNS flaw was discovered by Dan Kaminsky, Director of Penetration Testing for IOActive. To learn more, visit doxpara.com.