JohnInSJ
Premium
join:2003-09-22
San Jose, CA | reply to FiOS Dan
Re: With DNS Flaw Now Public, Attack Code Imminent
OpenDNS, and just about every other DNS has been patched already. This was more a media event then anything else.
--
My place : »www.schettino.us |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny | Perhaps they all were playing catchup, but good to see the fix is in place!
--
"In the future, that which is not mandatory will be illegal" |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
 ·RoadRunner Cable
| reply to JohnInSJ
said by JohnInSJ  :OpenDNS, and just about every other DNS has been patched already. This was more a media event then anything else. SoCal Road Runner's DNS servers have NOT [as of this writing] been secured.
Hopefully all this RR slowdown stuff happening won't keep them from allocating the resources to resolve this issue which IMO should be Job 1.
-amy-
--
Proud Member of ASAP
DSLR Phishtracker |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
 ·AT&T Southwest
| reply to JohnInSJ
said by JohnInSJ :OpenDNS, and just about every other DNS has been patched already. This was more a media event then anything else. According to this thread: »Change your DNS away from AT&T NOW!!!
AT&T DNS servers are not patched either. If true that's pretty lame and dangerous. |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
·Comcast
1 edit |  reply to JohnInSJ
Good test to check your ISPs DNS servers
said by JohnInSJ :OpenDNS, and just about every other DNS has been patched already. This was more a media event then anything else. If you want to check whether your ISPs DNS servers are updated, you can run this test.
»entropy.dns-oarc.net/test/
It tests for BOTH port randomness and Transaction ID randomness.
I use Opendns and they showed GREAT on both tests. But my ISPs DNS(Comcast) that I use as the 3rd DNS entry in my list showed as POOR on the port randomness test.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR | FYI The OARC test may not be as accurate on Comcast. See this thread:
»[DNS] Comcast and the DNS Server flaw issue
Even Dan Kaminsky has chimed in. |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast
| Thanks for update. I did try the doxpara test too. But the doxpara test only tests the 1st DNS server it finds in the DNS list for the computer. The entropy test tests all the entries in the computers DNS list. So that made it easier to use.
In any case, the opendns servers test as well as or better than Comcasts and I'll stick with them.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? |
|
TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY
| reply to jbob
It seems both tests can give different results at times, especially if the servers source ports are not completely random. Have gotten results from Poor to Great with the new test. In looking at the ports used, it looks as if they tend to be in one range and then change to another range for my ISP.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore. |
|
