Security Basics mailing list archives
RE: DNS flaw for home users...
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Tue, 29 Jul 2008 08:32:37 +1000
Aha-we possibly have a 'chicken and egg race' here, if we're being super paranoid. Can they check their home DNS setup using the doxpara or the dns-oarc tools before the cache gets poisoned and they get sent to a fake doxpara site and then can't trust anything? Lol. I suppose the best thing would be to switch to OpenDNS anyway. Seriously though, that's a good point. It's a similar thing to our process of making sure their home machines aren't used to connect to our network; why? because we can't be assured that their home machines are free of spyware etc. Whereas we have a greater degree of confidence with regards to their laptops. So, I think you're doing what I am here. Making sure they are guided as much as possible. My interest was less for the home to work connections as it was with just building awareness and telling them to contact their ISP if the test comes up poor or to switch to OpenDNS as you and others have suggested.
-----Original Message----- From: Petter Bruland [mailto:pbruland () fcglv com] Sent: Tuesday, July 29, 2008 3:06 AM To: Ayaz Ahmed Khan; Murda Mcloud Cc: security-basics () securityfocus com Subject: RE: DNS flaw for home users... Now for the next step, how do you get your home users to do just that? I only have a handful of employees who also have VPN access back to our office, and I'm making my rounds to make sure they are using OpenDNS. The rest were emailed a PDF with step by step instructions on how to change their home router, and soon I will be getting support calls from them I bet. ** If anyone related to the OpenDNS project reads this list, thank you!! ** -Petter -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ayaz Ahmed Khan Sent: Saturday, July 26, 2008 7:55 AM To: Murda Mcloud Cc: security-basics () securityfocus com Subject: Re: DNS flaw for home users... On Thu, Jul 24, 2008 at 8:42 AM, Murda Mcloud <murdamcloud () bigpond com> wrote:Bit of searching netted me this on Kaminsky's site: http://www.doxpara.com/ Click on the DNS checker. Also here: https://www.dns-oarc.net/ the second one gives pretty graphs.Home users whose ISPs have not patched the DNS servers/resolvers should consider using DNS servers that are already patched. OpenDNS is one of them. -- Ayaz Ahmed Khan "I'm returning this note to you, instead of your paper, because it (your paper) presently occupies the bottom of my bird cage." -- English Professor, Providence College
Current thread:
- DNS flaw for home users... Murda Mcloud (Jul 24)
- <Possible follow-ups>
- RE: DNS flaw for home users... Murda Mcloud (Jul 24)
- Re: DNS flaw for home users... Ayaz Ahmed Khan (Jul 27)
- RE: DNS flaw for home users... Petter Bruland (Jul 28)
- RE: DNS flaw for home users... Murda Mcloud (Jul 29)
- Re: DNS flaw for home users... Ayaz Ahmed Khan (Jul 27)