Ruby resolv.rb可预测事件ID和源端口DNS欺骗漏洞

14:41:43.917837 IP *.*.*.*.32852 > *.*.*.*.domain: 0+ A? www.ruby-lang.org. (35) 14:41:43.918776 IP *.*.*.*.domain > *.*.*.*.32852: 0 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.920715 IP *.*.*.*.32853 > *.*.*.*.domain: 3787+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.921029 IP *.*.*.*.domain > *.*.*.*.32853: 3787* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.925438 IP *.*.*.*.32852 > *.*.*.*.domain: 1+ A? www.ruby-lang.org. (35) 14:41:43.925745 IP *.*.*.*.domain > *.*.*.*.32852: 1 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.926152 IP *.*.*.*.32853 > *.*.*.*.domain: 27846+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.926440 IP *.*.*.*.domain > *.*.*.*.32853: 27846* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.930274 IP *.*.*.*.32852 > *.*.*.*.domain: 2+ A? www.ruby-lang.org. (35) 14:41:43.930571 IP *.*.*.*.domain > *.*.*.*.32852: 2 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.930988 IP *.*.*.*.32853 > *.*.*.*.domain: 49648+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.931266 IP *.*.*.*.domain > *.*.*.*.32853: 49648* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.935016 IP *.*.*.*.32852 > *.*.*.*.domain: 3+ A? www.ruby-lang.org. (35) 14:41:43.935295 IP *.*.*.*.domain > *.*.*.*.32852: 3 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.935697 IP *.*.*.*.32853 > *.*.*.*.domain: 4479+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.935971 IP *.*.*.*.domain > *.*.*.*.32853: 4479* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.939750 IP *.*.*.*.32852 > *.*.*.*.domain: 4+ A? www.ruby-lang.org. (35) 14:41:43.940020 IP *.*.*.*.domain > *.*.*.*.32852: 4 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.940422 IP *.*.*.*.32853 > *.*.*.*.domain: 45762+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.940705 IP *.*.*.*.domain > *.*.*.*.32853: 45762* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.944454 IP *.*.*.*.32852 > *.*.*.*.domain: 5+ A? www.ruby-lang.org. (35) 14:41:43.944734 IP *.*.*.*.domain > *.*.*.*.32852: 5 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.945129 IP *.*.*.*.32853 > *.*.*.*.domain: 13583+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.945392 IP *.*.*.*.domain > *.*.*.*.32853: 13583* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.949186 IP *.*.*.*.32852 > *.*.*.*.domain: 6+ A? www.ruby-lang.org. (35) 14:41:43.949446 IP *.*.*.*.domain > *.*.*.*.32852: 6 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.949890 IP *.*.*.*.32853 > *.*.*.*.domain: 45038+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.950163 IP *.*.*.*.domain > *.*.*.*.32853: 45038* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.953937 IP *.*.*.*.32852 > *.*.*.*.domain: 7+ A? www.ruby-lang.org. (35) 14:41:43.954225 IP *.*.*.*.domain > *.*.*.*.32852: 7 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.954593 IP *.*.*.*.32853 > *.*.*.*.domain: 27150+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.954859 IP *.*.*.*.domain > *.*.*.*.32853: 27150* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.958667 IP *.*.*.*.32852 > *.*.*.*.domain: 8+ A? www.ruby-lang.org. (35) 14:41:43.958943 IP *.*.*.*.domain > *.*.*.*.32852: 8 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.959335 IP *.*.*.*.32853 > *.*.*.*.domain: 27956+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.959613 IP *.*.*.*.domain > *.*.*.*.32853: 27956* 1/3/4 PTR some.name.of.the.host. (217) 14:41:43.963347 IP *.*.*.*.32852 > *.*.*.*.domain: 9+ A? www.ruby-lang.org. (35) 14:41:43.963632 IP *.*.*.*.domain > *.*.*.*.32852: 9 2/2/4 CNAME carbon.ruby-lang.org., A 221.186.184.68 (211) 14:41:43.964015 IP *.*.*.*.32853 > *.*.*.*.domain: 19992+ PTR? rev.dns.rec.some.name.of.the.host.in-addr.arpa. (43) 14:41:43.964282 IP *.*.*.*.domain > *.*.*.*.32853: 19992* 1/3/4 PTR some.name.of.the.host. (217)