All, As if one was not enough, eh! Well like I have been harping on, here is another that has finally been recognized that has been around for awhile as well... Seems that the ISC hasn't fixed or reported this one either... >:( Here also is a new tool for users or admins. to check with: https://www.dns-oarc.net/oarc/services/dnsentropy 08.31.22 CVE: CVE-2008-1447 Platform: Cross Platform Title: Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Description: Multiple vendors' implementations of the DNS protocol are exposed to a DNS-spoofing issue because the software fails to securely implement random values when performing DNS queries. Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases are affected. Ref: http://www.securityfocus.com/archive/1/494716 Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827