Security Incidents mailing list archives
Re: FW: Hack - DNS cache poisoning resurfacing on MS DNS?
From: David Ulevitch <davidu () everydns net>
Date: Thu, 17 Jan 2002 11:00:13 -0600
Hello Vidovic, Thursday, January 17, 2002, 8:32:10 AM, you wrote: Vidovic> hi there, Vidovic> We obviously got some cache poisoning recently. Vidovic> FYI: we are using MS DNS. Vidovic> Anyone got the same problems??? In your MS DNS Settings make sure to set: "Secure cache against pollution" I swear it's a real setting, why it isn't checked by default is beyond the life of me. (http://support.microsoft.com/default.aspx?scid=kb;EN-US;q241352) Vidovic> I've seen nothing on our IDS... You wouldn't. It's all done in standard DNS. Vidovic> PS: I CCed dnsmaster () ns3 domainname at just to check if he's aware of Vidovic> this... He may not be the one doing it. I could easily poison you and list ns1.yahoo.com as being authoritative for ".com". Vidovic> here's the stuff: Vidovic> It looks definitely like the old DNS cache poisoning trick: It is...but sometimes its on accident and sometimes not... Thanks, David Ulevitch mailto:davidu () everydns net Founder, EveryDNS.Net http://www.everydns.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- FW: Hack - DNS cache poisoning resurfacing on MS DNS? Vidovic,Zvonimir,VEVEY,GL-IS/CIS (Jan 17)
- Re: FW: Hack - DNS cache poisoning resurfacing on MS DNS? David Ulevitch (Jan 17)