DNS Poisoning, pharming, pollution
- From: "Jerry" <jerry.giacinto@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 21 Jun 2005 17:17:27 -0700
Hi,
I'm running Windows 2003 and have 4 DNS servers set up on the network.
Every server is configured with our ISP's DNS resolvers as forwarders.
About 2 weeks ago, users trying to go to microsoft.com, google.com, and some
other sites were getting redirected to a "search" page that didn't look very
trustworthy. I ran a ping on the names and received addresses in the
67.15.35.* block. After blocking web traffic to this class C at the
firewall and reading several topics on the subject, I cleared the cache on
all 4 DNS servers, and haven't seen any signs of misdirection until today.
Today, it is azcentral.com (a local TV station website) that is being
misdirected. Two weeks ago, I assumed that the faulty records were coming
from the ISP, but now I don't think that's true. The "secure cache against
pollution" setting is on (as it is by default), but I have read that
vulnerabilities may still exist. Unfortunately, I'm not sure how to protect
my network further. I've read that certain versions of BIND have
vulnerabilities, but I don't think we're running BIND. I'm no DNS expert,
so please bear with me. It appears the attacks are coming from within, and
possibly from an infected client(?). Could someone lead me to some
information that might help me locate the source of the attacks and how to
stop them?
Thank you,
Jerry