DNS system hack - Are you safe?


#1

"A flaw was uncovered in the international DNS routing system and operating systems designed to use it. This was a basic flaw in the system itself, not specific to OS.

MS issued a fix Tuesday, as did Sun and a few others. The fix broke some software, such as Zone Alarm Firewalls, because they were designed around the flaw.

You can test your system, including your Internet Provider and network at:

doxpara.com/

If you find the flaw you should check for OS updates to fix it or notify your IP if it’s on their end. This is a permanent thing and will not go back to “normal” later."

I ventured to doxpara and deployed the “Check my DNS” and was given the following information…

[quote]Your name server, at 204.244.3.129, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 53

Do not be concerned at this time. IT administrators have only recently been apprised of this issue, and should have some time to safely evaluate and deploy a fix.
Requests seen for ee8ffa8e8bfa.toorrr.com:
204.244.3.129:53 TXID=57425
204.244.3.129:53 TXID=52161
204.244.3.129:53 TXID=45882
204.244.3.129:53 TXID=11413
204.244.3.129:53 TXID=47995 [/quote]

Early yesterday morning, I received notification for Windows Updates.  I proceeded with it and restarted my computer as requested.  Upon reboot, I had no connectivity.  Because the cellphone system was down for several hours, I thought perhaps the entire corporation of Citywest was on walk-out mode.  After a night of no internet and no cellphone, I rang Citywest and spoke with a higher-up.  It was explained about the possible “DNS Cache Poisoning” and to try a system restore.  Sadly, that night I dumped about 1.2 gigs of data and performed a defrag, so doing a system restore would’ve taken a good hour.  Luckily the system restore did work and I was able to obtain connectivity again.  I see that I have the bubble back to download updates to Windows, but think I will wait until I hear they have fixed the faulty patch, or whatever it is.

Just thought if you are using XP and can’t connect, this may be your reason.  It could also mean a whole new can of worms as well.  Who knows. :frowning:
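
A way to read the checker output quoted in post #1, as an added example that is not part of the original thread or of the doxpara tool: it parses the `ip:port TXID=n` lines and flags a resolver whose queries all leave from a single source port. The function names and the second sample are constructed for illustration.

```python
import re

# Copied from the checker output quoted in post #1 of this thread.
POST1_SAMPLE = """\
204.244.3.129:53 TXID=57425
204.244.3.129:53 TXID=52161
204.244.3.129:53 TXID=45882
204.244.3.129:53 TXID=11413
204.244.3.129:53 TXID=47995
"""

# Constructed sample (not from the thread): a resolver that randomizes its
# source port, plus one malformed line that the parser has to skip.
CONSTRUCTED_SAMPLE = """\
192.0.2.53:41873 TXID=57425
192.0.2.53:10022 TXID=3310
undefined:undefined TXID=undefined
192.0.2.53:60514 TXID=45882
192.0.2.53:23977 TXID=911
192.0.2.53:35206 TXID=20467
"""

LINE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})$")


def parse_queries(text):
    """Return (ip, source_port, txid) tuples, skipping lines that do not parse."""
    queries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m.group(2)) <= 65535 and int(m.group(3)) <= 65535:
            queries.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return queries


def assess(text):
    """Classify a resolver from the source ports seen on its outgoing queries."""
    queries = parse_queries(text)
    ports = sorted({port for _, port, _ in queries})
    if len(queries) < 2:
        verdict = "insufficient-data"
    elif len(ports) == 1:
        # Only the 16-bit TXID changes between queries, so it is the only
        # unpredictable value left to protect the resolver's cache.
        verdict = "fixed-source-port"
    else:
        verdict = "randomized"
    return {"verdict": verdict, "queries": len(queries), "ports": ports}
```

Calling `assess(POST1_SAMPLE)` reports a fixed source port of 53, which matches the "appears vulnerable" result the checker gave in post #1.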


#2

that’s awkward I installed the Windows updates last night before bed and I’m still connectible, maybe the issue’s been fixed :smile:

also, I’m gonna check to see if I’m vulnerable after work! :smile:


#3

I installed updates yesterday and today and lost connectivity…
had to restore on both occasions.


#4

sorry to hear that guys, I guess I was just lucky :smiley:


#5

My computer auto installed the updates this morning upon booting.  Luckily I looked here first and did a system restore before my system restarted and the updates went into effect. 


#6

Yea my friend was telling me about this earlier today.  She works tech support for an ISP and tons of people were calling about broken Zone Alarm or something because of the recent Windows updates.  People still use that?


#7

Mine is completely fine, I did updates a few days ago.


#8

[quote]Your name server, at Fri Jul 11 15:34:52 2008, appears to be safe.
Requests seen for 7615d4f3812c.toorrr.com:
Fri Jul 11 15:34:52 2008:undefined TXID=undefined
204.244.3.129:53 TXID=48314
204.244.3.129:53 TXID=6460
204.244.3.129:53 TXID=43665
204.244.3.129:53 TXID=4534
204.244.3.129:53 TXID=947 [/quote]

Navigata fixed theirs.

We’ve noticed no calls at all so far. Not too many use ZoneAlarm, we haven’t recommended that one since about 1999.


#9