With DNS Flaw Now Public, Attack Code Imminent in Security http://www.dslreports.com/forum/r20833863 en Sun, 06 Dec 2009 06:40:29 EDT Sun, 06 Dec 2009 06:40:29 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20877464 SUMware : »www.opendns.com/how/free/how-can···be-free/
OpenDNS makes money the same way Google and Yahoo do — by showing relevant ads when we show you search results.

This can be added this to the 'hosts' file: 127.0.0.1 guide.opendns.com]]> http://www.dslreports.com/forum/remark,20877464 Thu, 31 Jul 2008 11:32:52 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20877315 anon : My statement stands.]]> http://www.dslreports.com/forum/remark,20877315 Thu, 31 Jul 2008 11:02:53 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20877267 TKJunkMail :
said by Imagine Reason :

OpenDNS is a private company and not open source as its name may imply. They also hijack location bar searches. Just so everyone knows.
That can be easily turned off:
»Re: rogers inserting advertisements into my browser - WTF?
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?]]> http://www.dslreports.com/forum/remark,20877267 Thu, 31 Jul 2008 10:54:51 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20877237 anon : OpenDNS is a private company and not open source as its name may imply. They also hijack location bar searches. Just so everyone knows.]]> http://www.dslreports.com/forum/remark,20877237 Thu, 31 Jul 2008 10:48:02 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20846015 Libra : Thank you, SipSizurp, for posting the pictures for me. In another thread I found out I could put those openDNS numbers into my Westell modem, so I did that instead and it covered both computer.

Sincerely, Libra]]> http://www.dslreports.com/forum/remark,20846015 Fri, 25 Jul 2008 02:23:31 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20845857 SUMware :
said by Sparrow See Profile :

One can open an account
OpenDNS states that creating an account is purely optional and completely unnecessary to use their service.]]> http://www.dslreports.com/forum/remark,20845857 Fri, 25 Jul 2008 01:12:54 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20845820 SipSizzurp :
said by Sparrow See Profile :

...open an account, download the updater...
:hmm: :hmm:
--
I spent most of my money on Women and Beer, and the rest I just wasted !]]> http://www.dslreports.com/forum/remark,20845820 Fri, 25 Jul 2008 00:58:55 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20845770 Sparrow : SipSizzurp See Profile,

It's much easier to use the OpenDNS page. It guides a client through with implicit and easy directions. One can open an account, download the updater and you are on your way.

There is also a forum for support questions.]]> http://www.dslreports.com/forum/remark,20845770 Fri, 25 Jul 2008 00:40:42 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20845612 SipSizzurp :
said by Libra See Profile :

... after I inserted the two dns numbers and clicked "okay" I got this message "In order to use DNS you must specify a host name for your computer."
If that is your Win98 machine, then the host name will be fine with anything you enter. For the XP box see the screen shot.
--
I spent most of my money on Women and Beer, and the rest I just wasted !
Click for full size
]]> http://www.dslreports.com/forum/remark,20845612 Thu, 24 Jul 2008 23:44:02 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20845561 Libra : Hi WiseGuy,
Thank you for your instructions. However, I ran into a problem: after I inserted the two dns numbers and clicked "okay" I got this message "In order to use DNS you must specify a host name for your computer." I didn't know what to put in, so I canceled it.

I'm also wondering what I have to do for the XP computer.

Thank you.

Sincerely, Libra]]> http://www.dslreports.com/forum/remark,20845561 Thu, 24 Jul 2008 23:32:38 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20845225 FiOS Dan : Thank you OpenDNS! :)
Click for full size
]]> http://www.dslreports.com/forum/remark,20845225 Thu, 24 Jul 2008 22:16:58 EDT Re: Good test to check your ISPs DNS servers http://www.dslreports.com/forum/remark,20843990 TheWiseGuy :
said by jbob See Profile :

FYI The OARC test may not be as accurate on Comcast. See this thread:
»[DNS] Comcast and the DNS Server flaw issue

Even Dan Kaminsky has chimed in.
It seems both tests can give different results at times, especially if the servers source ports are not completely random. Have gotten results from Poor to Great with the new test. In looking at the ports used, it looks as if they tend to be in one range and then change to another range for my ISP.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.]]> http://www.dslreports.com/forum/remark,20843990 Thu, 24 Jul 2008 18:08:04 EDT Re: Good test to check your ISPs DNS servers http://www.dslreports.com/forum/remark,20842987 TKJunkMail :
said by jbob See Profile :

FYI The OARC test may not be as accurate on Comcast. See this thread:
»[DNS] Comcast and the DNS Server flaw issue

Even Dan Kaminsky has chimed in.
Thanks for update. I did try the doxpara test too. But the doxpara test only tests the 1st DNS server it finds in the DNS list for the computer. The entropy test tests all the entries in the computers DNS list. So that made it easier to use.

In any case, the opendns servers test as well as or better than Comcasts and I'll stick with them.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?]]> http://www.dslreports.com/forum/remark,20842987 Thu, 24 Jul 2008 15:28:09 EDT Re: Good test to check your ISPs DNS servers http://www.dslreports.com/forum/remark,20842915 jbob : FYI The OARC test may not be as accurate on Comcast. See this thread:
»[DNS] Comcast and the DNS Server flaw issue

Even Dan Kaminsky has chimed in.]]> http://www.dslreports.com/forum/remark,20842915 Thu, 24 Jul 2008 15:16:27 EDT Good test to check your ISPs DNS servers http://www.dslreports.com/forum/remark,20842797 TKJunkMail :
said by JohnInSJ See Profile :

OpenDNS, and just about every other DNS has been patched already. This was more a media event then anything else.
If you want to check whether your ISPs DNS servers are updated, you can run this test.

»entropy.dns-oarc.net/test/

It tests for BOTH port randomness and Transaction ID randomness.

I use Opendns and they showed GREAT on both tests. But my ISPs DNS(Comcast) that I use as the 3rd DNS entry in my list showed as POOR on the port randomness test.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?]]> http://www.dslreports.com/forum/remark,20842797 Thu, 24 Jul 2008 14:56:45 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20842779 TKJunkMail :
said by FiOS Dan See Profile :

"One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon." (More...).
I would question whether that release was accidental. Seems more like it was done on purpose because they were annoyed that they weren't given all the info and part of the "in-crowd" that Kaminsky gave the info to.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?]]> http://www.dslreports.com/forum/remark,20842779 Thu, 24 Jul 2008 14:51:57 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20842491 TheWiseGuy : To switch to opendns follow the instructions in Section 4 of the link below (instructions quoted) for windows 98 and use the following IP addresses for DNS servers, (ignore the Domain instructions and the gateway instructions.)

208.67.222.222
208.67.220.220

»Satellite Forum FAQ »[DW4000] I'm sharing my connection on a LAN. Do I need to do more?

said by faq :

Windows 98:

Start => Settings => Control Panel => click on the Network icon or right-click on the Network Neighborhood icon and choose 'Properties'. Either way gets you into the Network configuration screens.
From the list of installed clients, protocols and services, locate TCP/IP bound to the NIC It will look something like this: TCP/IP -> your network card. The arrow indicates the protocol is bound to that adapter. Highlight that and then click the Properties button. This gets you into the TCP/IP configuration screens. Click the DNS Configuration tab. Put as dot in the 'Enable DNS' radio button.
Then add the DNS servers,

--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.]]> http://www.dslreports.com/forum/remark,20842491 Thu, 24 Jul 2008 14:00:17 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20842328 Libra : I did this test twice on my 98se computer and got this:

1. 68.237.161.37 appears to have POOR source port randomness and GREAT transaction ID randomness.
2. 68.237.161.38 appears to have POOR source port randomness and GREAT transaction ID randomness.

The first time I did this test the results were the same but the number was 68.237.161.36.

I also did the test on our XP computer which has the MS Patch, and AOL running - AOL came up great for both tests, but my dsl numbers (similar to above) had the same poor source port and great randomness.

I have Verizon DSL with the Westell 2200 modem (that has a NAT Firewall router) and I use a switch to connect both pcs.

When Dan Kaminsky first had his test both computers tested "your dns server appears safe". After he changed the test, both computers show "your NAT is interfering".

I don't understand all of this. How do I fix this (or does Verizon have to fix this)? Also, I don't know how to switch to an open DNS.

Thank you.

Sincerely, Libra]]> http://www.dslreports.com/forum/remark,20842328 Thu, 24 Jul 2008 13:28:43 EDT Re: DNS Randomness Tests http://www.dslreports.com/forum/remark,20841827 caffeinator : Nice one..the other test never did work on my machine.
However, using my primary DNS server from the ISP I get:

Source Port Randomness: POOR (one port used but it's a high range)
Transaction ID Randomness: GREAT (25 diff. ID's used)

So, is that a problem?
I use openDNS as my secondary as a failsafe FWIW.

-CaFF]]> http://www.dslreports.com/forum/remark,20841827 Thu, 24 Jul 2008 12:04:16 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20841592 TheWiseGuy : Thanks for the link.

OOL seems to have just patched, the link indicated they had done it right, versus dox which indicated possible NAT. Looks as if they use a larger sample.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.]]> http://www.dslreports.com/forum/remark,20841592 Thu, 24 Jul 2008 11:26:03 EDT DNS Randomness Tests http://www.dslreports.com/forum/remark,20841568 SUMware : DNS Resolver(s) Tested:
208.69.32.14 (bld4.ash.opendns.com) appears to have GREAT source port randomness and GREAT transaction ID randomness.

The essence of the problem is that DNS resolvers don't always use enough randomness in their transaction IDs and query source ports. Increasing the amount of randomness increases the difficulty of a successful poisoning attack.

This page exists to help you learn if your ISP's nameservers are vulnerable to this type of attack. If you click on the button below, we will test the randomness of your ISP DNS resolver.

For test visit: »https://www.dns-oarc.net/oarc/services/dnsentropy

The test takes a few seconds to complete. When its done you'll see a page where the transaction ID and source port randomness will be rated either GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that contact your ISP and ask if they have plans to upgrade their nameserver software before August 7th.
]]> http://www.dslreports.com/forum/remark,20841568 Thu, 24 Jul 2008 11:21:29 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20841317 Steve : You guys are all idiots - I've been invulnerable to this for a long time.

I just use a really really really really big hosts file :-)]]> http://www.dslreports.com/forum/remark,20841317 Thu, 24 Jul 2008 10:36:44 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20840593 jbob :
said by JohnInSJ See Profile :

OpenDNS, and just about every other DNS has been patched already. This was more a media event then anything else.
According to this thread: »Change your DNS away from AT&T NOW!!!
AT&T DNS servers are not patched either. If true that's pretty lame and dangerous.]]> http://www.dslreports.com/forum/remark,20840593 Thu, 24 Jul 2008 07:31:03 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20840583 amysheehan :
said by JohnInSJ See Profile :

OpenDNS, and just about every other DNS has been patched already. This was more a media event then anything else.
SoCal Road Runner's DNS servers have NOT [as of this writing] been secured.

Hopefully all this RR slowdown stuff happening won't keep them from allocating the resources to resolve this issue which IMO should be Job 1.

-amy-
:)
--
Proud Member of ASAP
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,20840583 Thu, 24 Jul 2008 07:27:08 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20840466 pepperxn : To be safe from this flaw: does one need to patch the local systems in addition to using a DNS server that's safe from this flaw.]]> http://www.dslreports.com/forum/remark,20840466 Thu, 24 Jul 2008 04:58:34 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20840196 Its a Secret : Perhaps they all were playing catchup, but good to see the fix is in place!
--
"In the future, that which is not mandatory will be illegal"]]> http://www.dslreports.com/forum/remark,20840196 Thu, 24 Jul 2008 01:38:48 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20840173 JohnInSJ : OpenDNS, and just about every other DNS has been patched already. This was more a media event then anything else.
--
My place : »www.schettino.us]]> http://www.dslreports.com/forum/remark,20840173 Thu, 24 Jul 2008 01:26:49 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20834215 Cabal : »DNS Critical Flaw Explained?]]> http://www.dslreports.com/forum/remark,20834215 Tue, 22 Jul 2008 23:13:22 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20834130 sivran : Bring it on. My network's ready. :)]]> http://www.dslreports.com/forum/remark,20834130 Tue, 22 Jul 2008 22:56:13 EDT Re: With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20833956 Its a Secret : Nice. The idiot from Matasano should be shown the door. And this from a security company?
--
"In the future, that which is not madatory will be illegal"]]> http://www.dslreports.com/forum/remark,20833956 Tue, 22 Jul 2008 22:23:32 EDT With DNS Flaw Now Public, Attack Code Imminent http://www.dslreports.com/forum/remark,20833863 FiOS Dan : "One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon." (More...).
--
Courage is being scared to death but saddling up anyway.
]]> http://www.dslreports.com/forum/remark,20833863 Tue, 22 Jul 2008 22:05:52 EDT