Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
" COMPUTER industry heavyweights are rushing to fix a flaw in the foundation of the internet that could allow hackers to control traffic on the worldwide web.
Major software and hardware makers worked in secret for months to create a software "patch" released overnight to repair the problem, which is in the way computers are routed to web page addresses. "
Full Story Here:
Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and warned industry giants including Microsoft, Sun and Cisco to collaborate on a solution.
Amazing how people just "stumble" on to stuff like this.
The patch can't be "reverse engineered" by hackers interested in figuring out how to take advantage of the flaw, technical details of which are being kept secret for a month to give companies time to update computers.
So, we have a month to wait before the details are released. I'll be on pins and needles the whole time counting down each day until those details come out. ;)
Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released
On July 8th, technology vendors from across the industry will simultaneously release patches for their products to close a major vulnerability in the underpinnings of the Internet. While most home users will be automatically updated, itís important for all businesses to immediately update their networks. This is the largest synchronized security update in the history of the Internet, and is the result of hard work and dedication across dozens of organizations.
His organisation is very cooperative about such things as requests to not try downloading zone files. He is very sincere about his work and how it is carried out.
To find out if the DNS server you use is vulnerable, click below.
Hmmm, guess what the results show me? My provider is vulnerable. And guess what they are vulnerable to?
Your name server, at ***.***.***.***, appears vulnerable to DNS Cache Poisoning.
Remember all those topics I ran on DNS Recursion and all that stuff that doesn't happen to many so it gets blown off? I have to wonder if this is related? I just don't know if I can wait a whole month to find out. ;)
There is absolutely no reason to panic; there is no evidence of current malicious activity using this flaw, but it is important everyone follow their vendor's guidelines to protect themselves and their organizations.
Cisco just released information...
Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
2008-07-08 - [cisco.com...]
Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches.
US-CERT has all the details...
Multiple DNS implementations vulnerable to cache poisoning
National Cyber Alert System
Technical Cyber Security Alert TA08-190B
2008-07-08 - [us-cert.gov...]
So, it's the same old news.
As a provider that would not have been on Dan's radar, I had already sent a direct inquiry asking for clarification in the event that algorithmic changes had to be made. Given that the only email current email address available to me was as listed in the doxpara.com whois, I had my doubts about getting a timely answer. If the cert advisory is accurate, then I have my answer. And, need not do anything :)
You can also just move the Internet security slider to "Medium" in ZA until the 2 companies come up with a better fix.
KB951748 is rated as Important, but not Critical or Patch Now. I would make a guess that the folks at ZA (and from what I am reading some of the other like security app providers) are probably working on a solution.
Some have reported that turning the security level for ZA down to medium will also work.
PS - BTW, thanks to PageOneResults for the link to doxpara.com - it looks like a patched or upgraded DNS server will indeed report as safe.
If you have a hardware firewall or NAT router, moving the ZoneAlarm Firewall "Internet Security" slider to Medium is a safe approach, and avoids having to uninstall the Microsoft update.
If you don't have a hardware firewall, this is not safe to do because it allows file and printer sharing with anyone on the internet. But frankly, I'm sot sure whether it's any more or less safe than uninstalling the Microsoft patches.
FAIL - Open DNS Servers
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Have you checked your DNS lately?
Your name server, at xx.xx.xx.xx, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 40.
Please talk to your firewall or gateway vendor -- all are working on patches, mitigations, and workarounds.
The only one I know of that I would trust is the DNS Report. They don't offer it for free anymore and there are all sorts of copycats out there. I'll pay my dues and stick with the DNS Report. :)