Computer Science Canada 
 DNS Vulnerability
Dan




Posted: Sat Jul 26, 2008 9:23 pm   Post subject: DNS Vulnerability

This month a new DNS cache poisoning vulnerability was found that could affect most DNS, including those used by most ISPs.

The application of this vulnerability is that the attacker could change the record of any domain name to any IP or site they like, unknown to the user. This record would then be stored in the cache of the DNS server until its TTL runs out and would be spread to any other DNS that tries to do a lookup from it.

This means that an attacker could change rbc.com (or any bank) to their own fake site and get bank information from all of an unpatched ISP's customers that use online banking without the user knowing. (In theory even the security certs would say the site is valid). Also an attacker could replace the domain name for a popular download or update site (like Windows Update or Firefox) and have the user download any code they like and have it run. The effects of this hole could be massive.

Luckily there is already a fix out there and MOST ISPs have applied it to their DNS. Unfortunately there are a few that have not (they have had since July 8th) and this means all of the customers are massively vulnerable and is why I am posting this.

With some help from the IRC channel #compsci.ca (Nick, Timmy, StealthArcher, rdrake, Unforgiven, Bored, wtd), #operations (dcraig) and tony we have so far found that:

Bell Sympatico: Most Patched (some only using port randomization)
Rogers: NOT PATCHED, UNSECURE!!!
caltech (USA/school): Patched
Comcast (USA): Patched
Cogeco: Using port randomization (mostly safe)
nac.net (Hosting Company): Using port randomization (mostly safe)
Shaw: Using port randomization (mostly safe)
U of W (school): Using port randomization (mostly safe)

You can check your own DNS here: http://www.doxpara.com/?p=1176

Post if you have a different ISP or result.

Sources:
* http://www.nytimes.com/idg/IDG_852573C4006938800025748F007863C4.html
* http://beezari.livejournal.com/141796.html

PS. If you are on Rogers or an insecure DNS you should immediately change to a patched/secure DNS such as OpenDNS and tell your ISP.
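
The results above turn on whether a resolver sends its queries from a fixed UDP source port or a randomized one. The following is an added example, not part of the original posts: it labels a list of observed source ports and estimates how many bits a forged reply would have to match. The function names, thresholds and sample port lists are assumptions constructed for illustration.

```python
import math

TXID_BITS = 16        # width of the DNS transaction ID field
MAX_STEP = 8          # assumption: forward steps this small count as sequential
NARROW_SPAN = 1024    # assumption: a pool under 1024 ports counts as narrow

def classify_ports(ports):
    """Label the UDP source ports a resolver used for successive queries."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    if len(set(ports)) == 1:
        return "fixed"                      # every query left from one port
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(1 <= s <= MAX_STEP for s in steps):
        return "sequential"                 # next port is easy to predict
    if max(ports) - min(ports) + 1 < NARROW_SPAN:
        return "narrow"                     # varies, but within a small pool
    return "randomized"

def guess_bits(ports):
    """Estimate the bits an off-path spoofer must match per forged reply."""
    kind = classify_ports(ports)
    if kind in ("fixed", "sequential"):
        return float(TXID_BITS)             # only the transaction ID is unknown
    span = max(ports) - min(ports) + 1      # observed span, a lower bound on the pool
    return TXID_BITS + math.log2(span)

# Constructed samples, not measurements of any ISP named in this thread.
SAMPLES = {
    "fixed": [32768] * 6,
    "sequential": [1025, 1026, 1027, 1029, 1030, 1031],
    "narrow": [5000, 5003, 5001, 5007, 5002, 5004],
    "randomized": [50123, 1893, 33417, 61002, 12750, 44981],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:10s} -> {classify_ports(ports):10s} ~{guess_bits(ports):.1f} bits")
```

A resolver that comes out as "fixed" or "sequential" leaves only the 16-bit transaction ID to match, which is the unpatched case described in the post.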
Dan




Posted: Sat Jul 26, 2008 9:32 pm   Post subject: RE:DNS Vulnerability

Some safe DNS IPs:

Bell:
207.164.234.193
207.164.234.129
206.47.244.15 (only using port randomization)

caltech:
131.215.254.100
131.215.9.49 (not tested but should be safe)
131.215.139.100 (not tested but should be safe)

OpenDNS (has ads and other stuff):
208.67.222.222
208.67.220.220

Comcast:
68.87.77.132

Cogeco:
24.226.10.19 (only using port randomization)

Shaw:
64.59.144.16 (only using port randomization)

U of W:
129.97.128.10 (only using port randomization)
michaelp




Posted: Sun Jul 27, 2008 10:19 am   Post subject: RE:DNS Vulnerability

Phew, I'm with Bell. :D