Re: DNS spoofing - security problems...

From: Roger Abell (mvpNoSpam_at_asu.edu)
Date: 12/22/04

• Next message: Whyme: "DNS problem???"
• Previous message: Ace Fekay [MVP]: "Re: Hi, I'm new here. What is this "windows" you speak of?"
• In reply to: Chris: "DNS spoofing - security problems..."
• Next in thread: Chris: "Re: DNS spoofing - security problems..."
• Reply: Chris: "Re: DNS spoofing - security problems..."
• Messages sorted by: [ date ] [ thread ]

Date: Wed, 22 Dec 2004 07:25:24 -0700

Next time around we really need to get info on what is in the cache,
as obviously that is the source of propagation to your clients.

-- 
Roger
"Chris" <chris23@ic-2000.com> wrote in message
news:irZxd.14260$8V5.9878@fe10.lga...
> This morning on of our DNS servers started responding to all requests with
> the same IP address.  The only exceptions were sites that the server was
> authoritative for.  I fixed it by clearing the cache, but I have to wonder
> how this is happening.  This server runs Windows 2000 dns and has the
> "secure cache against pollution" option set (and I confirmed it in the
> registry).
>
> I contacted Microsoft and they had no idea what might be happening.  They
> thought that one of the root servers may have been compromised.  I find
this
> hard to believe however.  I found this link on the web:
> http://www.atsnn.com/story/105049.html which describes a similar
situation.
> It appears that this has occured to others over the last few weeks, and
any
> root server problems probably would have been dealt with.
>
> Has anyone seen this before.  It seems like a vulnerability that has not
yet
> been addressed.  However, maybe its just a vulnerability in DNS in
general.
> Any thoughts?
>
>

• Next message: Whyme: "DNS problem???"
• Previous message: Ace Fekay [MVP]: "Re: Hi, I'm new here. What is this "windows" you speak of?"
• In reply to: Chris: "DNS spoofing - security problems..."
• Next in thread: Chris: "Re: DNS spoofing - security problems..."
• Reply: Chris: "Re: DNS spoofing - security problems..."
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Re: [WARNING] The DNS Resolver Cache service is not running. ... It prevents anyone (at least on the server) from ... receiving, DNS Resolver Cache no running, so sorry. ... DHCP Client Service ... (microsoft.public.win2000.dns) POHMELFS high performance network filesystem release. ... I'm please to announce POHMEL high performance network filesystem. ... POHMELFS stands for Parallel Optimized Host Message Exchange Layered File System. ... Local coherent cache for data and metadata. ... Very fast and scalable multithreaded userspace server. ... (Linux-Kernel) POHMELFS high performance network filesystem. Transactions, failover, performance. ... I'm please to announce POHMEL high performance network filesystem. ... POHMELFS stands for Parallel Optimized Host Message Exchange Layered File System. ... This is a high performance network filesystem with local coherent cache of data ... Very fast and scalable multithreaded userspace server. ... (Linux-Kernel) Re: DNS Poisoning, pharming, pollution ... running Windows 2003 and have the "secure cache against pollution" setting ... the next thing to look for would be a malicious program on the server. ... >> Every server is configured with our ISP's DNS resolvers as forwarders. ... but I don't think we're running BIND. ... (microsoft.public.windows.server.dns) Re: SCO: ISPs are blocking our site Blake Stowell ... >nameserver would perform the lookup only once per hour. ... the name in cache, will look to the next one up the list, and then ... A kill -2 on the named server generates a memory dump of the memory ... - which is the comment in a dns system. ... (comp.unix.sco.misc)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint