Security Incidents mailing list archives
RE: DNS cache poisoning?
From: "Rabinowitz, Michael CTR MDA/ION" <Michael.Rabinowitz.CTR () mda mil>
Date: Wed, 17 Aug 2005 06:51:39 -0400
Hi, The error message below is probably unrelated to the crashing. Domains that resolve to resalehost.networksolutions.com are simply domains that have expired with Network Solutions. You'll have to do a little more investigating into the crashing. Also, to echo what others have said: Whether it's a move to Win2k or a switch to Unix, it is definitely time to upgrade. Mike -----Original Message----- From: Willard Van Dyne [mailto:wvandyne () hotpop com] Sent: Monday, August 15, 2005 11:28 PM To: incidents () securityfocus com Subject: DNS cache poisoning? Good day! Our DNS server has been crashing far too frequently as of late. The OS is WinNT4 SP6. Many of the error messages in the system log goes like this: "6/26/05,1:43:58 PM,Dns,Error,None,5108,N/A,DNS,DNS Server created CNAME loop loading CNAME at resalehost.networksolutions.com.. One link in CNAME loop: DNS name resalehost.networksolutions.com. is alias for CNAME resalehost.networksolutions.com.. See adjoining messages for other links in CNAME loop." A Google search about the problem gets us reports that this looks like a "cache corruption" vulnerability on Windows NT servers, and has to be patched. Is this true in our case? If so, why is networksolutions.com doing this? If not, is our network under attack by some other means? I hope someone can enlighten us. Thanks!
Current thread:
- DNS cache poisoning? Willard Van Dyne (Aug 16)
- Re: DNS cache poisoning? Joel Esler (Aug 16)
- Re: DNS cache poisoning? Willard Van Dyne (Aug 16)
- Re: DNS cache poisoning? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 17)
- Re: DNS cache poisoning? Willard Van Dyne (Aug 16)
- RE: DNS cache poisoning? James C Slora Jr (Aug 17)
- <Possible follow-ups>
- Re: DNS cache poisoning? chad (Aug 16)
- Re: DNS cache poisoning? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Aug 17)
- Re: DNS cache poisoning? David Pick (Aug 17)
- RE: DNS cache poisoning? Rabinowitz, Michael CTR MDA/ION (Aug 17)
- Re: DNS cache poisoning? chad (Aug 18)
- Message not available
- Re: DNS cache poisoning? David Glosser (Aug 22)
- Message not available
- Re: DNS cache poisoning? Joel Esler (Aug 16)