
Hi,
Well, I went to this site www.www.doxpara.com and clicked on Check my DNS and received the following message:
Your name server, at 202.6.120.10, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 32768
Do not be concerned at this time. IT administrators have only recently been apprised of this issue, and should have some time to safely evaluate and deploy a fix.
--------------------------------------------------------------------------------
Requests seen for 47ab418bbd81.toorrr.com:
202.6.120.10:32768 TXID=35630
202.6.120.10:32768 TXID=49875
202.6.120.10:32768 TXID=18127
202.6.120.10:32768 TXID=51668
202.6.120.10:32768 TXID=23799
Is this a major problem that I should be concerned about or not?
Would appreciate any feedback.
Ioteba
TSKL, Kiribati

Yes, see international press.
"All knowledge is an answer to a question"
On 18/07/2008, at 12:46, "Ioteba Buatia" ibuatia@tskl.net.ki wrote:
> Hi,
> Well, I went to this site www.www.doxpara.com and clicked on Check my DNS and received the following message:
> Your name server, at 202.6.120.10, appears vulnerable to DNS Cache Poisoning.
> All requests came from the following source port: 32768
> Do not be concerned at this time. IT administrators have only recently been apprised of this issue, and should have some time to safely evaluate and deploy a fix.
> Requests seen for 47ab418bbd81.toorrr.com:
> 202.6.120.10:32768 TXID=35630
> 202.6.120.10:32768 TXID=49875
> 202.6.120.10:32768 TXID=18127
> 202.6.120.10:32768 TXID=51668
> 202.6.120.10:32768 TXID=23799
> Is this a major problem that I should be concerned about or not?
> Would appreciate any feedback.
> Ioteba
> TSKL, Kiribati
> _______________________________________________
> pacnog mailing list
> pacnog@pacnog.org
> http://mailman.apnic.net/mailman/listinfo/pacnog

Hi,
Things related to your inquiry.
http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-...
http://securosis.com/publications/CERT%20Advisory.doc
The above basically outlines a major flaw in many DNS implementations that allows attackers to more effectively carry out DNS cache poisoning attacks. There was a major coordinated effort among most major network device manufacturers to release patches that would reduce the ability of attackers to conduct these attacks.
Cheers, Mants

Hope will receive patches soon since I have mine listed as well!!!
cheers,
Bernie
_____
From: pacnog-bounces@pacnog.org [mailto:pacnog-bounces@pacnog.org] On Behalf Of Amante Alvaran
Sent: Thursday, 17 July 2008 4:16 p.m.
To: Ioteba Buatia
Cc: PacNOG
Subject: Re: [pacnog] dns ISSUE
Hi,
Things related to your inquiry.
http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/
http://securosis.com/publications/CERT%20Advisory.doc
The above basically outlines a major flaw in many DNS implementations that allows attackers to more effectively carry out DNS cache poisoning attacks. There was a major coordinated effort among most major network device manufacturers to release patches that would reduce the ability of attackers to conduct these attacks.
Cheers,
Mants

This is a good test site;
https://www.dns-oarc.net/oarc/services/dnsentropy
Some further info from the 'discoverer' of the vulnerability is at;
Rgds.,
Jon

Hi All,
The following information was sent by Ryan Connolly of Team Cymru regarding this major vulnerability that affects recursive DNS servers and can dramatically increase the potential danger of a cache poisoning attack. Operators are advised to act immediately to apply the relevant patches in order to mitigate this vulnerability.
Hope this information is of help
Regards
Cecil
-----------------------------------------------------------------------------------------------------------------------
Although DNS cache poisoning is not a new attack, Dan Kaminsky recently found a much faster way to implement such attacks, essentially drastically reducing the number of "guesses" an adversary must make when trying to poison a DNS server's cache. In the past, an attacker had to guess the DNS transaction ID number in order to implement a DNS cache poisoning attack, which meant picking the ID out of a possible combination of approximately 2^15 numbers in a correct implementation. By using a "birthday attack," which has also been around for some time, this may be feasible. Recently, however, Kaminsky basically found a way to reduce the number of "guesses" to a very small number, making the vulnerability a serious issue.
The patches that were released by major network device vendors again increase the number of "guesses" an attacker would have to run through to effectively conduct a DNS cache poisoning attack by randomizing the source port used to make DNS requests. Now not only does an attacker have to correctly guess the transaction ID number associated with the DNS request, but the attacker also must guess the source port. In total, this returns the number of "guesses" necessary by an attacker back to roughly 2^16.
This is a potentially very serious issue because of the scope and because the end effect if an attacker is successful is that the attacker could redirect all traffic destined for a certain internet server to a server controlled by the attacker, transparently to an end user.
For a comprehensive analysis and for more methods of reducing exposure to this vulnerability, please see the following: http://www.kb.cert.org/vuls/id/800113
Source port randomization is a practical solution that makes executing DNS cache poisoning attacks more difficult given the new vulnerability but does not completely solve the underlying problem, which is with the DNS specification. The wide scope of this vulnerability highlights the need to address the underlying issue by applying DNSSEC, which provides a robust method of preventing various methods of DNS cache poisoning.
For more information on DNS cache poisoning, please see the below URL: http://en.wikipedia.org/wiki/DNS_cache_poisoning
=========================================================================================
Jon Leeman wrote:
This is a good test site;
https://www.dns-oarc.net/oarc/services/dnsentropy
Some further info from the 'discoverer' of the vulnerability is at;
Rgds.,
Jon
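Added example, not part of the original thread: a defender-side check that parses checker output in the format quoted in the first message and reports whether every query left the resolver from the same source port, the condition that the patches described in the forwarded advisory remove. The function names and the second sample (documentation address, made-up ports and TXIDs) are constructed for illustration.

```python
import math
import re
from collections import Counter

# "ip:port TXID=n" entries as printed by the checker quoted in the thread.
ENTRY_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})")

# Values copied from the first message (run together on one line, as archived).
THREAD_OUTPUT = (
    "Requests seen for 47ab418bbd81.toorrr.com: "
    "202.6.120.10:32768 TXID=35630 202.6.120.10:32768 TXID=49875 "
    "202.6.120.10:32768 TXID=18127 202.6.120.10:32768 TXID=51668 "
    "202.6.120.10:32768 TXID=23799"
)

# Constructed sample (documentation address, made-up ports and TXIDs) showing
# what a resolver with source port randomization would produce.
CONSTRUCTED_PATCHED_OUTPUT = """\
192.0.2.53:51234 TXID=4021
192.0.2.53:10482 TXID=60113
192.0.2.53:33901 TXID=17
192.0.2.53:60017 TXID=29876
192.0.2.53:2749 TXID=45555
"""

def parse_requests(text):
    """Return (ip, source_port, txid) for every entry found in the text."""
    return [(ip, int(port), int(txid)) for ip, port, txid in ENTRY_RE.findall(text)]

def observed_entropy_bits(values):
    """Shannon entropy of the observed values; 0.0 when they are all equal.
    With n samples this cannot exceed log2(n), so it only flags the bad case."""
    n = len(values)
    return sum(c / n * math.log2(n / c) for c in Counter(values).values())

def assess(text):
    """Summarise how much the source port and TXID varied across queries."""
    requests = parse_requests(text)
    if len(requests) < 2:
        raise ValueError("need at least two observed queries to compare")
    ports = [port for _, port, _ in requests]
    txids = [txid for _, _, txid in requests]
    return {
        "queries": len(requests),
        "distinct_ports": len(set(ports)),
        "distinct_txids": len(set(txids)),
        "port_entropy_bits": observed_entropy_bits(ports),
        "fixed_source_port": len(set(ports)) == 1,
    }
```

A result with `fixed_source_port` set means only the transaction ID varies between queries; besides an unpatched resolver, a NAT device that rewrites source ports in front of a patched resolver can produce the same reading.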