
Re: tor provided me first warning of corrupted ISP name servers




On 24.08.2008 at 20:10, Scott Bennett wrote:
I guess OpenDNS.com has become quite popular, since Dan Kaminsky
himself proposed to use it, if you have no chance to fix your DNS
against the recently published security hole. So if your provider

Oh? What is this new hole? I haven't heard much lately about named(8)
or resolver routines in terms of current problems with them.

It's not a problem of named. It's a problem of the DNS system itself. The new attack is a sophisticated variant of cache poisoning. There was a lot of fuss about it in the last months. Here is a good explanation of Kaminsky's attack: http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

The interim fix is that recursing resolvers have to use random source ports for queries. Since almost no DNS server was doing this, all of them have to be patched. As of now about 50% are patched. You can check your own vulnerability at http://www.doxpara.com/


Cheers,

Sven

--
http://sven.anderson.de    "Believe those who are seeking the truth.
tel:    +49-551-9969285     Doubt those who find it."
mobile: +49-179-4939223                                 (André Gide)
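The interim fix Sven describes (random UDP source ports on outgoing recursive queries) can be checked on one's own resolver by looking at the queries it sends out. The following script is an added example, not part of the thread or of any tool mentioned in it: it parses a few constructed tcpdump-style query lines (hypothetical addresses 192.0.2.53 for the resolver and 198.51.100.1 for an authoritative server) and reports whether the resolver's source ports are fixed, sequential, or spread out, together with the number of bits an off-path forger would have to guess for the 16-bit transaction ID alone versus ID plus port.

```python
"""Check whether a recursive resolver randomizes the source ports of its
outgoing DNS queries (the Kaminsky interim fix discussed in the thread).

Input is tcpdump-style text such as:
    IP 192.0.2.53.53 > 198.51.100.1.53: 41023+ A? www.example.net. (31)
All addresses and samples below are constructed for illustration.
"""
import re

# Resolver (192.0.2.53) -> authoritative server (198.51.100.1); both hypothetical.
_QUERY = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<txid>\d+)\+?"
)

# Constructed sample 1: unpatched resolver, every query leaves from port 53.
SAMPLE_FIXED_PORT = """\
12:00:01.000 IP 192.0.2.53.53 > 198.51.100.1.53: 41023+ A? a.example.net. (31)
12:00:01.010 IP 192.0.2.53.53 > 198.51.100.1.53: 9821+ A? b.example.net. (31)
12:00:01.020 IP 192.0.2.53.53 > 198.51.100.1.53: 60102+ A? c.example.net. (31)
12:00:01.030 IP 192.0.2.53.53 > 198.51.100.1.53: 17744+ A? d.example.net. (31)
"""

# Constructed sample 2: ports change, but only by +1 each query (predictable).
SAMPLE_SEQUENTIAL_PORT = """\
12:00:02.000 IP 192.0.2.53.32768 > 198.51.100.1.53: 41023+ A? a.example.net. (31)
12:00:02.010 IP 192.0.2.53.32769 > 198.51.100.1.53: 9821+ A? b.example.net. (31)
12:00:02.020 IP 192.0.2.53.32770 > 198.51.100.1.53: 60102+ A? c.example.net. (31)
12:00:02.030 IP 192.0.2.53.32771 > 198.51.100.1.53: 17744+ A? d.example.net. (31)
"""

# Constructed sample 3: patched resolver, ports spread across the ephemeral range.
SAMPLE_RANDOM_PORT = """\
12:00:03.000 IP 192.0.2.53.49213 > 198.51.100.1.53: 41023+ A? a.example.net. (31)
12:00:03.010 IP 192.0.2.53.5130 > 198.51.100.1.53: 9821+ A? b.example.net. (31)
12:00:03.020 IP 192.0.2.53.60021 > 198.51.100.1.53: 60102+ A? c.example.net. (31)
12:00:03.030 IP 192.0.2.53.33907 > 198.51.100.1.53: 17744+ A? d.example.net. (31)
"""


def parse_queries(capture):
    """Return [(source_port, txid), ...] for every query line in the capture."""
    queries = []
    for line in capture.splitlines():
        match = _QUERY.search(line)
        if match:
            queries.append((int(match["sport"]), int(match["txid"])))
    return queries


def assess_ports(queries):
    """Classify the resolver's source-port behaviour from observed queries.

    A real check should look at many more than four queries; this only
    distinguishes the obvious cases (one fixed port, strictly +1 steps,
    or anything else, which is taken as randomized).
    """
    ports = [port for port, _ in queries]
    if not ports:
        return {"queries": 0, "distinct_ports": 0, "port_span": 0, "verdict": "no data"}
    distinct = len(set(ports))
    sequential = len(ports) > 1 and all(b - a == 1 for a, b in zip(ports, ports[1:]))
    if distinct == 1:
        verdict = "fixed"
    elif sequential:
        verdict = "sequential"
    else:
        verdict = "randomized"
    return {
        "queries": len(ports),
        "distinct_ports": distinct,
        "port_span": max(ports) - min(ports),
        "verdict": verdict,
    }


def guess_space_bits(verdict):
    """Approximate bits an off-path forger must guess per spoofed reply.

    The transaction ID is always 16 bits. A fixed or predictable port adds
    nothing; a port drawn from the whole 16-bit range adds about 16 more.
    """
    return 16 if verdict in ("fixed", "sequential") else 32


if __name__ == "__main__":
    for name, sample in (("fixed", SAMPLE_FIXED_PORT),
                         ("sequential", SAMPLE_SEQUENTIAL_PORT),
                         ("random", SAMPLE_RANDOM_PORT)):
        report = assess_ports(parse_queries(sample))
        print(name, report, "guess bits:", guess_space_bits(report["verdict"]))
```

To use it on a real resolver, feed it the output of a packet capture of UDP port 53 traffic leaving the resolver toward the Internet; if the verdict is "fixed" or "sequential", the resolver still needs the source-port patch regardless of its named version.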