DNS Server Source Port 53 Query Usage

Medium Nessus Network Monitor Plugin ID 4601


The remote DNS server is vulnerable to a cache-poisoning attack.


The remote host is running a DNS server that is configured to use port 53 as its source port for queries. This is extremely dangerous as an attacker only needs to spoof a 16-bit transaction ID in order to poison the DNS cache. A poisoned cache means that DNS clients can be directed to rogue sites and greatly simplifies phishing attacks.


Ensure that the DNS server is fully patched and can utilize a wide range of UDP source port numbers. For ISC servers, ensure that the following line does not exist within the configuration file: "query-source address * port 53;"

See Also


Plugin Details

Severity: Medium

ID: 4601

File Name: 4601.prm

Family: DNS Servers

Published: 2008/07/22

Modified: 2017/02/02

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 6.4

Temporal Score: 5.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2008-1447

BID: 30131

IAVA: 2008-A-0045