Hello Vidovic, Thursday, January 17, 2002, 8:32:10 AM, you wrote: Vidovic> hi there, Vidovic> We obviously got some cache poisoning recently. Vidovic> FYI: we are using MS DNS. Vidovic> Anyone got the same problems??? In your MS DNS Settings make sure to set: "Secure cache against pollution" I swear it's a real setting, why it isn't checked by default is beyond the life of me. (http://support.microsoft.com/default.aspx?scid=kb;EN-US;q241352) Vidovic> I've seen nothing on our IDS... You wouldn't. It's all done in standard DNS. Vidovic> PS: I CCed dnsmasterat_private just to check if he's aware of Vidovic> this... He may not be the one doing it. I could easily poison you and list ns1.yahoo.com as being authoritative for ".com". Vidovic> here's the stuff: Vidovic> It looks definitely like the old DNS cache poisoning trick: It is...but sometimes its on accident and sometimes not... Thanks, David Ulevitch mailto:daviduat_private Founder, EveryDNS.Net http://www.everydns.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 17 2002 - 13:10:29 PST