[78530] in North American Network Operators' Group
Re: DNS Blackhole attack
daemon@ATHENA.MIT.EDU (Rachael Treu)
Mon Mar 7 14:51:36 2005
Date: Mon, 7 Mar 2005 13:40:56 -0600
From: Rachael Treu <rara@navigo.com>
To: Ketil Froyn <kfroyn@gnr.com>
Cc: "william(at)elan.net" <william@elan.net>, nanog@nanog.org
In-Reply-To: <1110195533.2836.60.camel@ketil>
Errors-To: owner-nanog@merit.edu

On Mon, Mar 07, 2005 at 11:38:53AM +0000, Ketil Froyn said something to the effect of:
>
> On Sat, 2005-03-05 at 14:43 -0800, william(at)elan.net wrote:
>
> > Global DNS cache poisoning attack?; Update...
>
> It's a bit frustrating that problems this old and well-known can
> actually be used to cause damage.

Uh...see tcp ports 135 through 139, and give thought to smtp
as a protocol. And I hear the water is lovely in nis, nfs, and
rpc this time of year... ;P

>
> The easiest way to check if you are vulnerable to DNS poisoning is to
> try to poison yourself. Try my "poison yourself" page here:
>
> http://ketil.froyn.name/poison.html

Nice, handy resource.

What's up with the patching problems, btw?

whee,
--ra

--
k. rachael treu, CISSP rara@navigo.com
..quis custodiet ipsos custodes?..

>
> It tries to redirect www.example.com to a fake IP (the same one as I
> host my website on), where I have a virtualhost for www.example.com with
> a plain html page. It'll tell you if you were poisoned.
>
> Cheers,
> Ketil Froyn
>