I have been going through YouYube and found this great video about IPSec…
Popularity: 3% [?]
Browsing Security™
DNS Cache Poisoning Bug
Posted by Nish Vamadevan in August 7th, 2008
When a Name Server looks up a domain for the IP address, it stores the information into the cache so it doesn’t have to look it up every single time a request is made. For example, if someone looks for www.nishv.com the DNS server will look up the domain and stores the IP address 72.52.178.35 into the cache for a given time so it doesn’t have to look up that domain again for a given period of time.
DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a DNS Server that did not originate from authoritative DNS sources.
It happens when an attacker sends malicious data in response to a DNS query. For example, DNS query for www.nishv.com can be redirected to another website.
This method is taking the phishing scam to another level, you might be visiting your bank’s website but without you realising it, you will actually be putting in all the login information into some hackers servers which made it look exactly like the bank’s website. Yes, this is very serious!
How do you patch it?
On the client side (we are talking about Microsoft Windows here), your machines should have been patches automatically if you set the Auto-Update option. If not, I recommend you check the available updates and patch it as soon as possible.
If you use a DNS Server, my recommendation is to use the following command to figure out whether it has been patched or not. If it is not, STOP using it and have a look at this post on OpenDNS for more info.
Use the following DIG command on UNIX
dig +short @{name-server-ip} porttest.dns-oarc.net txt
dig +short @ns1.example.com porttest.dns-oarc.net txt
dig +short @208.67.222.222 porttest.dns-oarc.net txt
and you should get a result similar to this…
nishv@nishv.com [~]# dig +short @208.67.222.222 porttest.dns-oarc.net txt
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
“208.67.217.8 is GREAT: 26 queries in 2.1 seconds from 26 ports with std dev 20119″
Or something like this…
nishv@nishv.com [~]# dig +short @4.2.2.2 porttest.dns-oarc.net txt
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
“209.244.4.25 is GOOD: 26 queries in 1.9 seconds from 26 ports with std dev 3880″
If you don’t get GREAT or GOOD and gets something like POOR, you should immediately stop using it.
If you manage that DNS server, patch it or decommission it!
This is how to check on Windows
Open up command prompt by going Start –> Run –> CMD or on Vista typing CMD on the Start Search box
nslookup -type=txt -timeout=30 porttest.dns-oarc.net
nslookup -type=txt -timeout=30 porttest.dns-oarc.net ns1.your-isp.com
nslookup -type=txt -timeout=30 porttest.dns-oarc.net NS-SERVER-IP
You must see the GREAT or GOOD, if not your DNS Server is compromised.
You can see Dan Kaminsky’s presentation below…
Popularity: 6% [?]
- CCDE Design Track Certification
- IPSec Explained
- Adding Nameservers on Sun Solaris
- How to add IP Address / Default Gateway on Sun Solaris
- DNS Cache Poisoning Bug
- Logitech MX Air Gyroscopic Cordless Mouse
- HTC Kaiser (TyTN II) car charger problem solved!
- Windows Defender Error Application failed to initialize: 0×800106ba.
- Disable Windows Defender
- Live Messenger Blocks YouTube URLs
-
If you want your blog to really stand out, to be special for your visitors, then you need to see the WordPress Themes
that Template Monster offers! Over 300 high-quality designs created especially for your WordPress blog.
- 4GB 32 Bit OS Android Operating System Antivirus Bio Fuel Bio Fuel Airline Choosing ISP Coconut Airline Dual Monitor ethernet modem Facebook features Firewall Fix MSCOMCTL.OCX Fraud Risk Google Android Google Operating System ISP MacBook Macbook Air Macbook Touch MacTouch Microsoft Product Red Monitor MSCOMCTL.OCX Multiple Monitors Online Fraud Online Scam OpenDNS Product Red secure interent secure router Security Software vbulletin admin vbulletin user to admin vbulletin user to admin database vbulletin user to admin phpmyadmin Virgin Atlantic Which ISP Windows Live Writer Windows Vista Windows XP WLR Yahoo! Yahoo OneConnect
Latest In Articles
DNS Cache Poisoning Bug
When a Name Server looks up a domain for the IP address, it stores the ...continue readingShould UK Monitor Internet Activities
This is a controversial question among people whether UK should monitor all Internet and communication ...continue readingChoosing Internet Provider
BT had finally called for action on internet speed and how they are advertised to ...continue readingBio fuel Powered Airline
I have written an article on Hydrogen Powered Car, now I have stumbled over Bio ...continue reading
My name is Nish Vamadevan, I live in London. I’m a Network Systems Administrator, and Freelance IT Consultant. I’d like to think of myself and a creative and a resourceful person when it’s come to Computers and Technology.
I have been working in the freelance IT sector for over 6 years and have done various Network Deployments, System Administration and Building, maintaining, managing websites for Small / Medium companies..