To make the situation more complex, some development teams were using a dnsmasq Docker image as part of their development workflow, so identifying dnsmasq installations would not be as simple as searching through installed programs.

To ensure we were able to thoroughly inventory every host with any form of dnsmasq installed, we used four separate queries:

Find users who installed dnsmasq via Homebrew:
SELECT * FROM homebrew_packages WHERE name='dnsmasq';

Discover hosts that have dnsmasq listening on localhost port 53:
SELECT DISTINCT(processes.name), process_open_sockets.local_port FROM processes JOIN process_open_sockets USING (pid) WHERE local_port=53 AND processes.name='dnsmasq';

Find running Docker containers with dnsmasq in the name:
SELECT name FROM docker_containers WHERE name LIKE '%dnsmasq%';

Find dnsmasq installed via Homebrew or MacPorts by enumerating the related launchd plist:
SELECT * FROM launchd WHERE name LIKE '%dnsmasq%';
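As an added example (not code from the original post), the script below runs the four queries verbatim against reduced stand-ins for the osquery tables, built in SQLite with constructed rows, to show that each form of dnsmasq install is caught by a different query. The host names, the sample rows and the trimmed table schemas are assumptions made for the illustration.

```python
import sqlite3

# The four queries from the text, verbatim (osquery's SQL dialect is SQLite).
QUERIES = {
    "homebrew": "SELECT * FROM homebrew_packages WHERE name='dnsmasq'",
    "listening_53": "SELECT DISTINCT(processes.name), process_open_sockets.local_port "
                    "FROM processes JOIN process_open_sockets USING (pid) "
                    "WHERE local_port=53 AND processes.name='dnsmasq'",
    "docker": "SELECT name FROM docker_containers WHERE name LIKE '%dnsmasq%'",
    "launchd": "SELECT * FROM launchd WHERE name LIKE '%dnsmasq%'",
}

# Assumption: trimmed stand-ins for the osquery tables (real tables have more columns).
SCHEMA = """
CREATE TABLE homebrew_packages (name TEXT, version TEXT);
CREATE TABLE processes (pid INTEGER, name TEXT);
CREATE TABLE process_open_sockets (pid INTEGER, local_port INTEGER);
CREATE TABLE docker_containers (id TEXT, name TEXT);
CREATE TABLE launchd (name TEXT, label TEXT);
"""

# Constructed fleet: host names and rows are invented sample data.
FLEET = {
    "laptop-a": {"homebrew_packages": [("dnsmasq", "sample-version")],
                 "launchd": [("homebrew.mxcl.dnsmasq.plist", "homebrew.mxcl.dnsmasq")],
                 "processes": [(410, "dnsmasq")],
                 "process_open_sockets": [(410, 53)]},
    "laptop-b": {"docker_containers": [("c0ffee", "/dev_dnsmasq_1")]},
    "laptop-c": {"homebrew_packages": [("wget", "sample-version")],
                 "processes": [(77, "mDNSResponder")],
                 "process_open_sockets": [(77, 5353)]},
}

def inventory(fleet):
    """Run every query on every host; return {host: [names of queries that matched]}."""
    findings = {}
    for host, tables in fleet.items():
        db = sqlite3.connect(":memory:")  # one throwaway database per host
        db.executescript(SCHEMA)
        for table, rows in tables.items():
            marks = ",".join("?" * len(rows[0]))
            db.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
        findings[host] = [n for n, q in QUERIES.items() if db.execute(q).fetchall()]
        db.close()
    return findings

if __name__ == "__main__":
    for host, hits in inventory(FLEET).items():
        print(host, hits or "no dnsmasq found")
```

The Docker-only host is found by the container query alone, which is the case a search of installed packages would miss.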
Case study: dnsmasq vulnerabilities

After Google’s security team published their blog detailing the numerous vulnerabilities with dnsmasq, our InfoSec team spun up an effort to remove dnsmasq wherever it was installed and upgrade dnsmasq to the patched version wherever it was still required.
Multiple RCE vulnerabilities were discovered in dnsmasq, a widely and commonly used application.
A release of CCleaner.exe was packaged with a malicious backdoor.

Each of these incidents required the capability to ask a series of “questions” to the entirety of a fleet in order to identify impacted systems.
Nslookup comes preinstalled on all major operating systems. If you need to install it again on Ubuntu or another Linux distro featuring the APT package manager, install the dnsutils package:

sudo apt install dnsutils

On CentOS, Fedora, and Red Hat, nslookup is part of the bind-utils package. Install it by running:

sudo dnf install bind-utils

How to Use nslookup?

Find all the important nslookup options in the following table.

Specify the time allowed for the server to respond.
View information about the DNS A address records.
View hardware-related information about the host.