[106295] in North American Network Operators' Group
Re: Exploit for DNS Cache Poisoning - RELEASED
daemon@ATHENA.MIT.EDU (Pete Carah)
Fri Jul 25 18:14:28 2008
Date: Fri, 25 Jul 2008 18:14:06 -0400
From: Pete Carah <pete@altadena.net>
To: nanog@nanog.org
In-Reply-To: <g3y73pslb4.fsf@nsa.vix.com>
Errors-To: nanog-bounces@nanog.org
Paul Vixie wrote:
> in <http://permalink.gmane.org/gmane.linux.redhat.fedora.general/306278>
> we see this text:
>
> The DNS attacks are starting!!!
>
> Below is a snippet of a logwatch from last night. Be sure all DNS
> servers are updated if at all possible. The spooks are out in full
> on this security vulnerability in force.
>
> THIS IS YOUR LAST WARNING...!!!
> Patch or Upgrade NOW!
>
> ...
>
> this ought to be an interesting weekend.
I saw much more than this *from the same address* starting two days ago,
and from several other blocks belonging to the same university starting
last week, to my home router and another server. So far my better
connected servers haven't been hit hard. (and no non-auto answer from
"security" at that university...)
-- Pete
