DNS Vulnerability
Dan
Posted: Sat Jul 26, 2008 9:23 pm Post subject: DNS Vulnerability
This month a new DNS cache poisoning vulnerability was found that could affect most DNS, including those used by most ISPs.
The application of this vulnerability is that the attacker could change the record of any domain name to any IP or site they like, unknown to the user. This record would then be stored in the cache of the DNS server until its TTL runs out and would be spread to any other DNS that tries to do a lookup from it.
This means that an attacker could change rbc.com (or any bank) to their own fake site and get bank information from all of an unpatched ISP's customers that use online banking without the user knowing. (In theory even the security certs would say the site is valid). Also an attacker could replace the domain name for a popular download or update site (like Windows Update or Firefox) and have the user download any code they like and have it run. The effects of this hole could be massive.
Luckily there is already a fix out there and MOST ISPs have applied them to their DNS. Unfortunately there are a few that have not (they have had since July 8th) and this means all of the customers are massively vulnerable and is why I am posting this.
With some help from the IRC channel #compsci.ca (Nick, Timmy, StealthArcher, rdrake, Unforgiven, Bored, wtd), #operations (dcraig) and tony we have so far found that:
Bell Sympatico: Most Patched (some only using port randomization)
Rogers: NOT PATCHED, UNSECURE!!!
caltech (USA/school): Patched
Comcast (USA): Patched
Cogeco: Using port randomization (mostly safe)
nac.net (Hosting Company): Using port randomization (mostly safe)
Shaw: Using port randomization (mostly safe)
U of W (school): Using port randomization (mostly safe)
You can check your own DNS here: http://www.doxpara.com/?p=1176
Post if you have a different ISP or result.
Sources:
* http://www.nytimes.com/idg/IDG_852573C4006938800025748F007863C4.html
* http://beezari.livejournal.com/141796.html
PS. If you are on Rogers or an insecure DNS you should immediately change to a patched/secure DNS such as OpenDNS and tell your ISP.
Computer Science Canada
Help with programming in C, C++, Java, PHP, Ruby, Turing, VB and more! |
|
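Added example, not part of the original posts: "port randomization" in the list above is about how predictable the UDP source ports of a resolver's outgoing queries are, as seen by the server answering them. This sketch labels a run of observed source ports; the sample port lists are constructed and the thresholds are assumptions for illustration, not those of the checker linked in the post.

```python
import statistics

# Constructed samples: source ports an authoritative server might log for
# consecutive queries from one resolver. Not real measurements.
SAMPLES = {
    "fixed":      [32768] * 12,
    "sequential": [(65530 + i) % 65536 for i in range(12)],
    "narrow":     [5000, 5300, 5100, 5250] * 3,
    "randomized": [49231, 1837, 60412, 23109, 8754, 37766,
                   55120, 12903, 44018, 3021, 29877, 61555],
}

def classify_ports(ports, min_samples=10):
    """Label a run of UDP source ports by how guessable the next one is.

    Thresholds are illustrative assumptions, not taken from any published tool.
    """
    if len(ports) < min_samples:
        return "insufficient"
    distinct = set(ports)
    if len(distinct) == 1:
        # Same port every time: only the 16-bit query ID is left to guess.
        return "fixed"
    # Step between consecutive queries, modulo 65536 so wrap-around counts.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if sum(1 for d in deltas if 0 < d <= 16) >= 0.9 * len(deltas):
        return "sequential"
    # A uniform spread over the whole port range has a standard deviation
    # near 18900; a small value or heavy reuse means a small port pool.
    if statistics.pstdev(ports) < 3000 or len(distinct) < len(ports) // 2:
        return "narrow"
    return "randomized"

def report(samples):
    """Map each resolver label to its classification."""
    return {name: classify_ports(ports) for name, ports in samples.items()}

if __name__ == "__main__":
    for name, verdict in report(SAMPLES).items():
        print(f"{name:<12} -> {verdict}")
```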
Dan
Posted: Sat Jul 26, 2008 9:32 pm Post subject: RE:DNS Vulnerability
Some safe DNS IPs:
bell:
207.164.234.193
207.164.234.129
206.47.244.15 (only using port randomization)
caltech:
131.215.254.100
131.215.9.49 (not tested but should be safe)
131.215.139.100 (not tested but should be safe)
OpenDNS (has ads and other stuff):
208.67.222.222
208.67.220.220
Comcast:
68.87.77.132
Cogeco:
24.226.10.19 (only using port randomization)
Shaw:
64.59.144.16 (only using port randomization)
U of W:
129.97.128.10 (only using port randomization)
|
michaelp
Posted: Sun Jul 27, 2008 10:19 am Post subject: RE:DNS Vulnerability
Phew, I'm with Bell.