Re: FW: Hack - DNS cache poisoning resurfacing on MS DNS?

From: David Ulevitch (daviduat_private)
Date: Thu Jan 17 2002 - 09:00:13 PST

  • Next message: Mike Healy: "RE: Comcast.net abuse contact?"

    Hello Vidovic,
    
    Thursday, January 17, 2002, 8:32:10 AM, you wrote:
    
    Vidovic> hi there,
    
    Vidovic> We obviously got some cache poisoning recently.
    Vidovic> FYI: we are using MS DNS.
    Vidovic> Anyone got the same problems???
    
    In your MS DNS Settings make sure to set:
    "Secure cache against pollution"
    
    I swear it's a real setting, why it isn't checked by default is beyond
    the life of me.
    (http://support.microsoft.com/default.aspx?scid=kb;EN-US;q241352)
    
    Vidovic> I've seen nothing on our IDS...
    
    You wouldn't.  It's all done in standard DNS.
    
    Vidovic> PS: I CCed dnsmasterat_private just to check if he's aware of
    Vidovic> this...
    
    He may not be the one doing it.  I could easily poison you and list
    ns1.yahoo.com as being authoritative for ".com".
    
    Vidovic> here's the stuff:
    Vidovic> It looks definitely like the old DNS cache poisoning trick:
    
    It is...but sometimes its on accident and sometimes not...
    
    Thanks,
     David Ulevitch                           mailto:daviduat_private
     Founder, EveryDNS.Net                    http://www.everydns.net
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jan 17 2002 - 13:10:29 PST