Computer Science Canada

DNS Vulnerability

Author:  Dan [ Sat Jul 26, 2008 9:23 pm ]
Post subject:  DNS Vulnerability

This month a new DNS cache poisoning vulnerability was found that could affect most DNS, including those used by most ISPs.

The application of this vulnerability is that the attacker could change the record of any domain name to any IP or site they like, unknown to the user. This record would then be stored in the cache of the DNS server until its TTL runs out and would be spread to any other DNS that tries to do a lookup from it.

This means that an attacker could change (or any bank) to their own fake site and get bank information from all of an unpatched ISP's customers that use online banking without the user knowing. (In theory even the security certs would say the site is valid). Also an attacker could replace the domain name for a popular download or update site (like Windows Update or Firefox) and have the user download any code they like and have it run. The effects of this hole could be massive.

Luckily there is already a fix out there and MOST ISPs have applied them to their DNS. Unfortunately there are a few that have not (they have had since July 8th) and this means all of the customers are massively vulnerable and is why I am posting this.

With some help from the IRC channel (Nick, Timmy, StealthArcher, rdrake, Unforgiven, Bored, wtd), #operations (dcraig) and tony we have so far found that:

Bell Sympatico: Most Patched (some only using port randomization)
caltech (USA/school): Patched
Comcast (USA): Patched
Cogeco: Using port randomization (mostly safe) (Hosting Company): Using port randomization (mostly safe)
Shaw: Using port randomization (mostly safe)
U of W (school): Using port randomization (mostly safe)

You can check your own DNS here:

Post if you have a different ISP or result.


PS. If you are on Rogers or an insecure DNS you should immediately change to a patched/secure DNS such as OpenDNS and tell your ISP.
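
The "port randomization" status in the list above can be judged from the source ports a resolver uses for its upstream queries. The following is an added example, not part of the original post: it classifies a sample of observed ports, and the function name, the `MIN_STDEV` threshold and all sample values are constructed assumptions.

```python
from statistics import pstdev

# Assumed threshold (not from the original post): ports drawn uniformly from
# 1024-65535 have a standard deviation near 18,600; a small pool stays far below.
MIN_STDEV = 3000


def assess_source_ports(ports):
    """Classify source ports seen on consecutive upstream queries from one resolver."""
    if len(ports) < 5:
        raise ValueError("need at least 5 observed queries")
    distinct = len(set(ports))
    # Step between consecutive ports, wrapping at 16 bits.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    spread = pstdev(ports)
    if distinct == 1:
        verdict = "fixed"        # only the 16-bit transaction ID protects replies
    elif all(0 < d <= 16 for d in deltas):
        verdict = "sequential"   # predictable, e.g. a NAT rewriting ports in order
    elif spread < MIN_STDEV:
        verdict = "narrow"       # ports vary, but only within a small pool
    else:
        verdict = "randomized"
    return {"verdict": verdict, "distinct": distinct, "stdev": round(spread, 1)}


# Constructed samples: each list is the source ports of 8 consecutive queries.
SAMPLES = {
    "fixed": [32768] * 8,
    "sequential": [1025, 1026, 1027, 1028, 1029, 1030, 1031, 1032],
    "narrow": [40010, 40200, 40055, 40123, 40240, 40001, 40190, 40077],
    "randomized": [49211, 3187, 60544, 18820, 33012, 7455, 52790, 25163],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, assess_source_ports(ports))
```

The ports have to be captured on the authoritative side of the resolver (a server you control that the resolver queries), since that is the traffic a spoofed reply would have to match.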

Author:  Dan [ Sat Jul 26, 2008 9:32 pm ]
Post subject:  RE:DNS Vulnerability

Some safe DNS ips:

bell: (only using port randomization)

caltech: (not tested but should be safe) (not tested but should be safe)

OpenDNS (has ads and other stuff):


Cogeco: (only using port randomization)

Shaw: (only using port randomization)

U of W: (only using port randomization)

Author:  michaelp [ Sun Jul 27, 2008 10:19 am ]
Post subject:  RE:DNS Vulnerability

Phew, I'm with Bell.