Re: FW: Hack - DNS cache poisoning resurfacing on MS DNS?

From: David Ulevitch (davidu@everydns.net)
Date: 01/17/02


Date: Thu, 17 Jan 2002 11:00:13 -0600
From: David Ulevitch <davidu@everydns.net>
To: "Vidovic,Zvonimir,VEVEY,GL-IS/CIS" <Zvonimir.Vidovic@nestle.com>

Hello Vidovic,

Thursday, January 17, 2002, 8:32:10 AM, you wrote:

Vidovic> hi there,

Vidovic> We obviously got some cache poisoning recently.
Vidovic> FYI: we are using MS DNS.
Vidovic> Anyone got the same problems???

In your MS DNS Settings make sure to set:
"Secure cache against pollution"

I swear it's a real setting, why it isn't checked by default is beyond
the life of me.
(http://support.microsoft.com/default.aspx?scid=kb;EN-US;q241352)

Vidovic> I've seen nothing on our IDS...

You wouldn't. It's all done in standard DNS.

Vidovic> PS: I CCed dnsmaster@ns3.domainname.at just to check if he's aware of
Vidovic> this...

He may not be the one doing it. I could easily poison you and list
ns1.yahoo.com as being authoritative for ".com".

Vidovic> here's the stuff:
Vidovic> It looks definitely like the old DNS cache poisoning trick:

It is...but sometimes it's on accident and sometimes not...

Thanks,
 David Ulevitch mailto:davidu@everydns.net
 Founder, EveryDNS.Net http://www.everydns.net
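
The record described in the reply above (an NS record for ".com" handed out by a server that has no authority over it) is the kind of data a bailiwick check drops before it reaches the cache. The sketch below is an added illustration, not part of the original message and not Microsoft's implementation; the function names, the queried zone "zone.example" and all sample records are constructed for this example.

```python
# Added illustration: bailiwick filtering of DNS records before caching.
# All zones, records and addresses below are constructed sample data.

def norm(name):
    """Lower-case a DNS name and strip the trailing root dot."""
    return name.rstrip(".").lower()

def in_bailiwick(owner, zone):
    """True if owner is the zone itself or a subdomain of it.

    The comparison is label-wise: 'notzone.example' is NOT inside
    'zone.example' even though it shares a string suffix.
    """
    owner, zone = norm(owner), norm(zone)
    if zone == "":  # the root zone contains every name
        return True
    return owner == zone or owner.endswith("." + zone)

def filter_response(queried_zone, records):
    """Split (owner, type, rdata) records into (cacheable, rejected).

    queried_zone is the zone the answering server was asked about,
    i.e. the delegation the resolver followed to reach it.
    """
    cacheable, rejected = [], []
    for rec in records:
        target = cacheable if in_bailiwick(rec[0], queried_zone) else rejected
        target.append(rec)
    return cacheable, rejected

# Constructed response from a server authoritative only for zone.example.
SAMPLE_RESPONSE = [
    ("www.zone.example.", "A", "192.0.2.10"),        # answer, in bailiwick
    ("zone.example.", "NS", "ns3.zone.example."),    # authority, in bailiwick
    ("com.", "NS", "ns1.yahoo.com."),                # the ".com" claim from the reply
    ("ns1.yahoo.com.", "A", "203.0.113.5"),          # glue for the bogus NS
    ("notzone.example.", "A", "198.51.100.7"),       # suffix look-alike
]

if __name__ == "__main__":
    ok, bad = filter_response("zone.example", SAMPLE_RESPONSE)
    for rec in ok:
        print("cache ", rec)
    for rec in bad:
        print("reject", rec)
```

Each record here is an ordinary, well-formed DNS record, so only the owner-name comparison separates the good from the bad.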
