Security Incidents mailing list archives

Re: FW: Hack - DNS cache poisoning resurfacing on MS DNS?


From: David Ulevitch <davidu () everydns net>
Date: Thu, 17 Jan 2002 11:00:13 -0600

Hello Vidovic,

Thursday, January 17, 2002, 8:32:10 AM, you wrote:

Vidovic> hi there,

Vidovic> We obviously got some cache poisoning recently.
Vidovic> FYI: we are using MS DNS.
Vidovic> Anyone got the same problems???

In your MS DNS Settings make sure to set:
"Secure cache against pollution"

I swear it's a real setting, why it isn't checked by default is beyond
the life of me.
(http://support.microsoft.com/default.aspx?scid=kb;EN-US;q241352)

Vidovic> I've seen nothing on our IDS...

You wouldn't.  It's all done in standard DNS.

Vidovic> PS: I CCed dnsmaster () ns3 domainname at just to check if he's aware of
Vidovic> this...

He may not be the one doing it.  I could easily poison you and list
ns1.yahoo.com as being authoritative for ".com".

Vidovic> here's the stuff:
Vidovic> It looks definitely like the old DNS cache poisoning trick:

It is...but sometimes it's on accident and sometimes not...

Thanks,
 David Ulevitch                           mailto:davidu () everydns net
 Founder, EveryDNS.Net                    http://www.everydns.net



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
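
An added illustration, not part of the original message and not Microsoft's code: a simplified Python model of the in-zone (bailiwick) check that cache-pollution protection of this kind relies on, run over a constructed response carrying the out-of-zone ".com" delegation the reply mentions. The record layout, the example.at zone and all addresses are assumptions made for the example.

```python
# Added illustration: simplified bailiwick (in-zone) filter for DNS responses.
# Record layout and sample data are constructed; this is not MS DNS code.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(owner, zone):
    """True if owner equals zone or is a subdomain of it (label-wise match)."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_response(zone, records):
    """Split records into (cacheable, discarded) for a query sent to a server for `zone`."""
    keep, drop = [], []
    for rec in records:
        # Only records whose owner name sits inside the queried zone may be cached.
        (keep if in_bailiwick(rec["name"], zone) else drop).append(rec)
    return keep, drop

# Constructed response from a server that was asked about www.example.at
SAMPLE_ZONE = "example.at"
SAMPLE_RESPONSE = [
    {"section": "answer", "name": "www.example.at.", "type": "A", "data": "192.0.2.10"},
    {"section": "authority", "name": "example.at.", "type": "NS", "data": "ns3.example.at."},
    {"section": "additional", "name": "ns3.example.at.", "type": "A", "data": "192.0.2.53"},
    # Out-of-zone records of the kind the message describes
    {"section": "authority", "name": "com.", "type": "NS", "data": "ns1.yahoo.com."},
    {"section": "additional", "name": "ns1.yahoo.com.", "type": "A", "data": "198.51.100.7"},
]

if __name__ == "__main__":
    keep, drop = filter_response(SAMPLE_ZONE, SAMPLE_RESPONSE)
    for r in keep:
        print("cacheable:", r["section"], r["name"], r["type"], r["data"])
    for r in drop:
        print("discarded:", r["section"], r["name"], r["type"], r["data"])
```

The match is done per label, so a name such as evilexample.at is not treated as being inside example.at.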

