DNS Vulnerability update

zubel · ‎08-06-2007

El Reg have posted an update to the DNS vulnerability that was recently patched by the major vendors (the one that caused the ZoneAlarm update problems)
http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/
Of particular note:
[quote=El Reg]
Now that attack code exploiting the vulnerability has been leaked into the wild, millions of subscribers are at risk of being silently redirected to impostor sites that try to install malware or steal sensitive information. Comcast and Plusnet were the only two ISPs we found that weren't vulnerable.

Some back-patting required. Well done guys and gals

B.

VileReynard · ‎01-09-2007

Especially in the light of http://en.wikipedia.org/wiki/Comcast#Reputation_for_poor_customer_satisfaction

"In The Beginning Was The Word, And The Word Was Aardvark."

carrot63 · ‎12-07-2007

Credit where it's due ... well done chaps.

Excellent link axisofevil - some quite unbelievable stories.

paulh · ‎30-07-2007

ummm I haven't read all the stuff about this, and my level of knowledge of DNS is veneer-thin, but ... I often see people saying they use, or suggesting others use, the "OpenDNS" servers in preference to the PlusNet ones.
SO, if you are using DNS servers other than PN's, would that mean that being with PlusNet conferred no benefit for this situation (prior to the fixes being installed)
It's fairly academic now, I guess, but I'd be interested to see what people have to say nevertheless.
paul

James · ‎04-04-2007

Hi Paul,
That's only if people are manually specifying DNS servers.
My default the router would automatically use ours.

paulby · ‎26-07-2007

Quote
SO, if you are using DNS servers other than PN's, would that mean that being with PlusNet conferred no benefit for this situation

If you were using OpenDNS you would have been OK. They were not susceptible to the vulnerability - see here.

Oldjim · ‎15-06-2007

Odd thing was that I checked my connection when el Reg first reported it and both PlusNet and RIN came up clear.
Makes me wonder about the validity of the test

paulh · ‎30-07-2007

Quote from: Jameseh
That's only if people are manually specifying DNS servers.

well when I said veneer-thin I didn't mean so thin I didn't realise that ... still how were you to know?
But below the veneer, this question occurs to me: If someone were to leave their router at default (so it a
automatically picked up their ISP's DNS servers) but specified DNS servers in their Windows TCP/IP settings, which would take precedence?
paul

paulby · ‎26-07-2007

The ones specified in Windows!
The DNS servers used will be those maually eneterd into the TCP/IP configuration in Windows.

paulh · ‎30-07-2007

ta.