cancel
Showing results for 
Search instead for 
Did you mean: 

DNS Vulnerability update

Community Veteran
Posts: 3,789
Registered: 08-06-2007

DNS Vulnerability update

El Reg have posted an update to the DNS vulnerability that was recently patched by the major vendors (the one that caused the ZoneAlarm update problems)
http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/
Of particular note:
[quote=El Reg]
Now that attack code exploiting the vulnerability has been leaked into the wild, millions of subscribers are at risk of being silently redirected to impostor sites that try to install malware or steal sensitive information. Comcast and Plusnet were the only two ISPs we found that weren't vulnerable.

Some back-patting required.  Well done guys and gals Smiley
B.
9 REPLIES
VileReynard
Seasoned Pro
Posts: 10,827
Thanks: 250
Fixes: 10
Registered: 01-09-2007

Re: DNS Vulnerability update

carrot63
Grafter
Posts: 599
Registered: 12-07-2007

Re: DNS Vulnerability update

Credit where it's due ... well done chaps. Cheesy
Excellent link axisofevil - some quite unbelievable stories.
Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

Re: DNS Vulnerability update

ummm I haven't read all the stuff about this, and my level of knowledge of DNS is veneer-thin, but ... I often see people saying they use, or suggesting others use, the "OpenDNS" servers in preference to the PlusNet ones.
SO, if you are using DNS servers other than PN's, would that mean that being with PlusNet conferred no benefit for this situation (prior to the fixes being installed)
It's fairly academic now, I guess, but I'd be interested to see what people have to say nevertheless.
paul
James
Grafter
Posts: 21,036
Registered: 04-04-2007

Re: DNS Vulnerability update

Hi Paul,
That's only if people are manually specifying DNS servers.
My default the router would automatically use ours.
paulby
Grafter
Posts: 1,619
Registered: 26-07-2007

Re: DNS Vulnerability update

Quote
SO, if you are using DNS servers other than PN's, would that mean that being with PlusNet conferred no benefit for this situation

If you were using OpenDNS you would have been OK.  They were not susceptible to the vulnerability - see here.
Community Veteran
Posts: 38,460
Thanks: 1,027
Fixes: 62
Registered: 15-06-2007

Re: DNS Vulnerability update

Odd thing was that I checked my connection when el Reg first reported it and both PlusNet and RIN came up clear.
Makes me wonder about the validity of the test
Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

Re: DNS Vulnerability update

Quote from: Jameseh
That's only if people are manually specifying DNS servers.

Smiley well when I said veneer-thin I didn't mean so thin I didn't realise that ... still how were you to know?
But below the veneer, this question occurs to me: If someone were to leave their router at default (so it a
automatically picked up their ISP's DNS servers) but specified DNS servers in their Windows TCP/IP settings,  which would take precedence?
paul
paulby
Grafter
Posts: 1,619
Registered: 26-07-2007

Re: DNS Vulnerability update

The ones specified in Windows! 
The DNS servers used will be those maually eneterd into the TCP/IP configuration in Windows. 
Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

Re: DNS Vulnerability update

ta.