DNS system hack - Are you safe?

system · July 10, 2008, 11:14am

"A flaw was uncovered in the international DNS routing system and operating systems designed to use it. This was a basic flaw in the system itself, not specific to OS.

MS issued a fix Tuesday, as did Sun and a few others. The fix broke some software, such as Zone Alarm Firewalls, because they were designed around the flaw.

You can test your system, including your Internet Provider and network at:

doxpara.com/

If you find the flaw you should check for OS updates to fix it or notify your IP if it’s on their end. This is a permanent thing and will not go back to “normal” later."

I ventured to doxpara and deployed the “Check my DNS” and was given the following information…

[quote]Your name server, at 204.244.3.129, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 53

Do not be concerned at this time. IT administrators have only recently been apprised of this issue, and should have some time to safely evaluate and deploy a fix.Requests seen for ee8ffa8e8bfa.toorrr.com:
204.244.3.129:53 TXID=57425
204.244.3.129:53 TXID=52161
204.244.3.129:53 TXID=45882
204.244.3.129:53 TXID=11413
204.244.3.129:53 TXID=47995 [/quote]

Early yesterday morning, I received notification for Windows Updates. I proceeded with it and restarted my computer as requested. Upon reboot, I had no connectivity. Because the cellphone system was down for several hours, I thought perhaps the entire coporatation of Citywest was on walk-out mode. After a night of no internet and no cellphone, I rang citywest and spoke with a higher-up. It was explained about the possible “DNS Cache Poisoning” and to try a system restore. Sadly, that night I dumped about 1.2 gigs of data and performed a defrag, so doing a system restore would’ve taken a good hour. Luckily the system restore did work and I was able to get obtain connectivity again. I see that I have the bubble back to download updates to windows, but think I will wait until I hear they have fixed the faulty patch, or whatever it is.

Just thought if you are using Xp and can’t connect, this may be your reason. It could also mean a whole new can of worms as well. Who knows.

system · July 10, 2008, 10:54pm

that’s awkward I installed the Windows updates last night before bed and I’m still connectible, maybe the issue’s been fixed

also, I’m gonna check to see if I’m vulnerable after work!

system · July 10, 2008, 11:58pm

I installed updates yesterday and today and lost connectivity…
had to restore on both occasions.

system · July 11, 2008, 7:43am

sorry to hear that guys, I guess I was just lucky

system · July 11, 2008, 8:02am

My computer auto installed the updates this morning upon booting. Luckily I looked here first and did a system restore before my system restarted and the updates went into effect.

system · July 11, 2008, 8:17am

Yea my friend was telling me about this earlier today. She works tech support for an ISP and tons of people were calling about broken Zone Alarm or something because of the recent Windows updates. People still use that?

system · July 11, 2008, 8:55am

Mine is completely fine, I did updates a few days ago.

system · July 11, 2008, 3:37pm

[quote]Your name server, at Fri Jul 11 15:34:52 2008, appears to be safe.Requests seen for 7615d4f3812c.toorrr.com:
Fri Jul 11 15:34:52 2008:undefined TXID=undefined
204.244.3.129:53 TXID=48314
204.244.3.129:53 TXID=6460
204.244.3.129:53 TXID=43665
204.244.3.129:53 TXID=4534
204.244.3.129:53 TXID=947 [/quote]

Navigata fixed theirs.

We’ve noticed no calls at all so far. Not too many use ZoneAlarm, we haven’t recommended that one since about 1999.