 Tuneraider
join:2003-05-21 Mckee, KY
| Internet flaw could let hackers take over the Web
Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.
Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses. »news.yahoo.com/s/afp/usitinterne···arecrime
When I go to »www.doxpara.com it says my dns name server appears vulnerable to DNS Cache Poisoning. |
|
  ranschultz Premium join:2004-05-28 Canyon Country, CA | See this thread for some of the effects of these fixes. |
|
  Cabal Premium join:2007-01-21 Boston, MA | reply to Tuneraider Additionally: Massive, Coordinated Patch To the DNS Released -- Would you trust a brain surgeon with two years' experience? |
|
 mikenolan7 Premium join:2005-06-07 Torrance, CA
·Sprint Mobile Broa..
·RoadRunner Cable
| reply to Tuneraider Has anyone else tried the www.doxpara.com link to check their DNS? It would not work for me with Opera, even with site preferences set to allow Java and Javascript. With Firefox, it worked after I allowed doxpara.com and toorrr.com in NoScript. But it reported on my ISP's DNS server, not the one I have hardwired into resolv.conf. |
|
  FiOS Dan Premium join:2001-07-06 Redondo Beach, CA
·Verizon FIOS
·EarthLink
| said by mikenolan7 : Has anyone else tried the www.doxpara.com link to check their DNS? It would not work for me with Opera, even with site preferences set to allow Java and Javascript.
It just worked for me with Opera 9.51 and, saints be praised, for some reason it says that my name server "appears to be safe." I say "for some reason" because I have not installed any patches today. -- Courage is being scared to death but saddling up anyway.
|
|
 pepperxn
join:2001-02-21 | reply to mikenolan7 Same here. It reported the ISP's DNS server, not the one that I have set up. |
|
  scelli Native New Yorker Premium join:1999-08-07 Houston, TX
| reply to Tuneraider Same here as far as my DNS name server being vulnerable according to that website, though I successfully installed all available WU updates for Vista Ultimate this afternoon. -- The maximum effective range of an excuse is ZERO meters! |
|
  mouse Premium join:2007-03-29 australia
·OptusNet
| reply to Tuneraider According to OpenDNS their servers are not affected and have not been affected prior to the notification:
»blog.opendns.com/2008/07/08/open···ure-dns/ |
|
  Owlbet Ignite the Ice Premium,MVM join:2002-09-24 Palmer, AK clubs:
·MTA Online
| reply to Tuneraider This is just weird. All during the holiday weekend I fought connectivity problems. My modem kept grabbing new IPs for no reason. My ISP wanted to blame it on me, my computers, my router, the weather, the dog, etc without just once, acknowledging they may be the problem. When I eliminated the router and plugged the computer directly into the modem for a 24 hour period, I still had connectivity problems. It was during this time that I (for grins) eliminated my ISP's DNS servers and instead began using OpenDNS's servers.
I never did get an answer on my connectivity problems over the weekend and the problem has cleared up on its own.
When I go to doxpara.com, it says my DNS name server is not vulnerable to cache poisoning.  -- Team Discovery
|
|
  MarkAW Call me lil bratt Premium join:2001-08-27 Canada
·Bell Sympatico
| reply to Tuneraider I just went to the doxpara link and made it check my DNS server and the IP it came back with was a Verizon server IP which doxpara says my dns name server appears vulnerable to DNS Cache Poisoning. -- Advertising is legalized lying. - H.G. Wells Pleasure in the job puts perfection in the work. - Aristotle |
|
  scelli Native New Yorker Premium join:1999-08-07 Houston, TX
| reply to Owlbet Found this, which many of you may have already seen:
»www.microsoft.com/technet/securi···037.mspx
According to the article, neither 32 nor 64 bit Vista SP1 are affected. I'm running Ultimate 32, so wonder how come I failed the test for DNS poisoning??? -- The maximum effective range of an excuse is ZERO meters! |
|
  Cabal Premium join:2007-01-21 Boston, MA
| said by scelli : Found this, which many of you may have already seen: » www.microsoft.com/technet/securi···037.mspx According to the article, neither 32 nor 64 bit Vista SP1 are affected. I'm running Ultimate 32, so wonder how come I failed the test for DNS poisoning???
The page in question doesn't test your local resolver, it tests your DNS server. -- Would you trust a brain surgeon with two years' experience? |
|
  scelli Native New Yorker Premium join:1999-08-07 Houston, TX | Are you saying the problem lies at my ISP's level? I'm a bit lost with this whole thing, so any help would be mucho appreciated.
TIA! -- The maximum effective range of an excuse is ZERO meters! |
|
  NetFixer From my cold dead hands Premium join:2004-06-24 Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
·Comcast
edit: July 9th, @05:26AM
| said by scelli : Are you saying the problem lies at my ISP's level? I'm a bit lost with this whole thing, so any help would be mucho appreciated. TIA!
If you are referring to the test at »www.doxpara.com/ then that test doesn't necessarily check your ISP DNS servers, or your configured DNS servers. It said I was using 209.244.5.147, which does not belong to either of my ISPs, and I do my own DNS resolution using the root servers to sync my local DNS servers.
EDIT: After applying the DNS patch to my Windows 2000 server, the »www.doxpara.com/ no longer flags my DNS server as vulnerable. I don't know where they got the IP address 209.244.5.147 on my initial test, but it appears that even though they may report a bogus DNS server IP address, the basic test itself may be valid. -- History does not long entrust the care of freedom to the weak or the timid. -- Dwight D. Eisenhower Test your firewall. Smell the flowers. |
|
  DiscardedVet Premium join:2005-04-06 Sturgis, SD
edit: July 9th, @04:44AM
| reply to Tuneraider Hmm, the DNS server my ISP uses is in fact what doxpara reports me as using, and does say it is vulnerable.
I can only assume I should be attentive of this. Are there any steps the end-user can take on the side of caution? Besides changing where my box DNS goes, as I haven't found one that seems to be as quick as my ISP's, actually quite a noticeable difference when using ones posted within BBR.
-- Bush is the Prez.... Think Patriot Act II.... This outspoken dissident.... In jail I'll be soon. |
|
  Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 clubs:
| reply to Tuneraider 209.244.5.146 is the DNS it reported for me (Which is not my ISP's DNS as seen by my Router of 207.69.188.185, 207.69.188.186), but my system shows I am using 4.2.2.1 and 4.2.2.2 clearly:
quote:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\XXXXXXXXX>ipconfig /all
Windows IP Configuration
    Host Name . . . . . . . . . . . . : XXXXXXXXX
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : domain.invalid
Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : domain.invalid
    Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
    Physical Address. . . . . . . . . : 00-00-00-00-00-00
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.254.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.254.254
    DHCP Server . . . . . . . . . . . : 192.168.254.254
    DNS Servers . . . . . . . . . . . : 4.2.2.1
                                        4.2.2.2
    NetBIOS over Tcpip. . . . . . . . : Disabled
    Lease Obtained. . . . . . . . . . : Tuesday, July 08, 2008 10:33:41 PM
    Lease Expires . . . . . . . . . . : Saturday, July 12, 2008 6:33:41 AM
-- Whats the point of owning a supercar if you cant scare yourself stupid from time to time? |
|
  jmorlan Crescit Eundo
join:2001-02-05 Pacifica, CA
·Pacific Bell - SBC
| reply to NetFixer said by NetFixer : If you are referring to the test at » www.doxpara.com/ then that test doesn't necessarily check your ISP DNS servers, or your configured DNS servers.
I am confused. I am configured to use my ISP's DNS servers which my modem reports as follows:
68.94.156.1 dnsr1.sbcglobal.net
68.94.157.1 dnsr2.sbcglobal.net
However »www.doxpara.com/ reports quote: Your name server, at 69.227.255.25, appears vulnerable to DNS Cache Poisoning.
That name server resolves to dnsnode14.pltnca.sbcglobal.net
Where did they get that? Am I really vulnerable? -- "One can never know for sure what a deserted area looks like." (George Carlin) |
|
  NetFixer From my cold dead hands Premium join:2004-06-24 Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
·Comcast
edit: July 9th, @07:00PM
| said by jmorlan : I am confused. I am configured to use my ISP's DNS servers which my modem reports as follows:
68.94.156.1 dnsr1.sbcglobal.net
68.94.157.1 dnsr2.sbcglobal.net
However » www.doxpara.com/ reports quote: Your name server, at 69.227.255.25, appears vulnerable to DNS Cache Poisoning.
That name server resolves to dnsnode14.pltnca.sbcglobal.net Where did they get that? Am I really vulnerable?
I don't know why they used that DNS server (or why they seemed to choose a random Level3 server for my initial test), but at least that one does belong to your ISP. Possibly they simply look at your IP address, and make their best guess as to the DNS server that you are using.
As to being vulnerable, possibly you are, but there may be nothing you can do about it until the DNS server(s) that you are using are updated. Since OpenDNS claims that their servers are not vulnerable, you might temporarily change to OpenDNS and rerun the test to see what results you get.
EDIT: I think that the DNS servers you are using are the AT&T/SBC Anycast DNS servers, which means that they automatically redirect to the nearest actual DNS server to your location. It also explains the seeming anomaly I initially saw. I had forgotten that I had recently changed the config on my DNS server to forward to the Level3 Anycast DNS servers 4.2.2.4 and 4.2.2.6 in order to speed up non-cached lookups.
My own testing indicated that once I applied the DNS patch to my local Windows 2000 DNS server (and also stopped forwarding to Level3), that test stopped indicating that I was vulnerable:
Your name server, at 74.245.184.227, appears to be safe.
--------------------------------------------------------
Requests seen for f28e9d63f913.toorrr.com:
74.245.184.227:62372 TXID=56426
66.134.0.234:49850 TXID=10039
74.245.184.227:62276 TXID=13749
66.134.0.234:54707 TXID=36922
74.245.184.227:56975 TXID=52462
========================================================
Your name server, at 66.134.0.234, appears to be safe.
------------------------------------------------------
Requests seen for 6863623814ca.toorrr.com:
66.134.0.234:51416 TXID=7057
74.245.184.227:63852 TXID=41403
66.134.0.234:55293 TXID=11753
66.134.0.234:57716 TXID=5083
74.245.184.227:64534 TXID=58858
-- History does not long entrust the care of freedom to the weak or the timid. -- Dwight D. Eisenhower Test your firewall. Smell the flowers. |
|
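An added example, not part of any post in this thread and not the doxpara checker's own code: it parses output in the "Requests seen" layout quoted in the post above and labels each resolver's source ports and transaction IDs as fixed, sequential or varied, which is the property the July 2008 patches (source-port randomization) changed. The sample input is constructed, and the classification rule and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the checker's "Requests seen" layout. Addresses are
# documentation ranges; the hostname, ports and TXIDs are made up.
SAMPLE = """\
Requests seen for sample.example.test:
192.0.2.53:62372 TXID=56426
192.0.2.53:49850 TXID=10039
192.0.2.53:56975 TXID=52462
198.51.100.7:32768 TXID=4411
198.51.100.7:32768 TXID=60213
198.51.100.7:32768 TXID=9310
203.0.113.9:1025 TXID=700
203.0.113.9:1026 TXID=701
203.0.113.9:1027 TXID=702
"""

LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})$")

def parse_requests(text):
    """Return {resolver_ip: [(source_port, txid), ...]} in the order seen."""
    seen = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            seen[m.group(1)].append((int(m.group(2)), int(m.group(3))))
    return dict(seen)

def classify(values):
    """Assumed heuristic: label a series 'fixed', 'sequential' or 'varied'."""
    if len(values) < 3:
        return "too-few-samples"
    if len(set(values)) == 1:
        return "fixed"
    steps = {b - a for a, b in zip(values, values[1:])}
    if steps in ({1}, {-1}):
        return "sequential"
    return "varied"

def assess(text):
    """Per resolver: (port verdict, TXID verdict, guessable flag)."""
    weak = ("fixed", "sequential")
    result = {}
    for ip, pairs in parse_requests(text).items():
        ports = classify([p for p, _ in pairs])
        txids = classify([t for _, t in pairs])
        result[ip] = (ports, txids, ports in weak or txids in weak)
    return result
```

Calling `assess(SAMPLE)` returns one verdict per resolver address; a handful of queries is only a coarse signal, so a "varied" result does not prove a resolver is well randomized.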
  scelli Native New Yorker Premium join:1999-08-07 Houston, TX
| reply to NetFixer Thanks for the info. If I'm understanding correctly what you and the others are saying, it appears the next move is up to the ISP. In my case, that is AT&T.
At least I'm running Vista Ultimate SP1, which supposedly (knock on a sequoia tree in the Redwood Forest) at least is good for end-users running that particular OS. -- The maximum effective range of an excuse is ZERO meters! |
|
  NetFixer From my cold dead hands Premium join:2004-06-24 Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
·Comcast
| reply to Doctor Olds said by Doctor Olds : 209.244.5.146 is the DNS it reported for me (Which is not my ISPs DNS as seen by my Router of 207.69.188.185, 207.69.188.186), but my system shows I am using 4.2.2.1 and 4.2.2.2...
4.2.2.1 and 4.2.2.2 are I believe Level3 Anycast DNS servers, and they are probably forwarding to 209.244.5.146.
My local Windows 2000 DNS server forwards non-cached requests to the 4.2.2.4 and 4.2.2.6 Level3 Anycast DNS servers and the DNS test detected them forwarding to 209.244.5.147. -- History does not long entrust the care of freedom to the weak or the timid. -- Dwight D. Eisenhower Test your firewall. Smell the flowers. |
|