tor provided me first warning of corrupted ISP name servers
Sven Anderson
sven at anderson.de
Sun Aug 24 21:07:25 UTC 2008
On 24.08.2008 at 20:10, Scott Bennett wrote:
>> I guess OpenDNS.com has become quite popular, since Dan Kaminsky
>> himself proposed to use it, if you have no chance to fix your DNS
>> against the recently published security hole. So if your provider
>
> Oh? What is this new hole? I haven't heard much lately about
> named(8)
> or resolver routines in terms of current problems with them.
It's not a problem of named. It's a problem of the DNS system itself.
The new attack is a sophisticated variant of cache poisoning. There
was a lot of fuss about it in the last months. Here is a good explanation
of Kaminsky's attack: http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
The interim fix is that recursing resolvers have to use random source
ports for queries. Since almost no DNS server was doing this, all of
them have to be patched. As of now about 50% are patched. You can
check your own vulnerability at http://www.doxpara.com/
Cheers,
Sven
--
http://sven.anderson.de
tel: +49-551-9969285
mobile: +49-179-4939223
"Believe those who are seeking the truth. Doubt those who find it." (André Gide)
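As an added example, not code from Sven or from the list, here is a small Python check in the spirit of the doxpara.com test mentioned above: given the UDP source ports a recursive resolver was observed using, it judges whether the interim fix (random source ports) is in place. The port samples are constructed; in practice you would collect them by having the resolver query an authoritative server you control and logging the source ports it arrives from.

```python
from collections import Counter

# Constructed samples of source ports seen from three hypothetical resolvers.
FIXED_PORTS = [32768] * 24                 # one port reused for every query
SEQUENTIAL_PORTS = list(range(1025, 1049))  # ports handed out in order
RANDOM_PORTS = [41237, 3021, 57322, 12890, 60015, 8473, 35110, 49981,
                2210, 27764, 63002, 19345, 44876, 5512, 38229, 51667,
                15098, 29471, 59830, 7701, 33356, 46119, 22584, 61240]


def assess_source_ports(ports, min_samples=20):
    """Classify a resolver's source-port behaviour from observed ports.

    Verdicts:
      'fixed' - a single port for every query: an attacker only has to
                guess the 16-bit transaction ID, which is the Kaminsky case.
      'poor'  - ports vary, but sequentially or within a narrow window,
                so they add little to the attacker's search space.
      'good'  - ports are spread widely and unpredictably.
    """
    if len(ports) < min_samples:
        raise ValueError(f"need at least {min_samples} samples, got {len(ports)}")
    distinct = len(set(ports))
    spread = max(ports) - min(ports)
    # Fraction of consecutive queries whose port went up by exactly one.
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for d in deltas if d == 1) / len(deltas)
    most_common_port, most_common_count = Counter(ports).most_common(1)[0]
    if distinct == 1:
        verdict = "fixed"
    elif spread < 1024 or sequential > 0.5:
        verdict = "poor"
    else:
        verdict = "good"
    return {
        "samples": len(ports),
        "distinct": distinct,
        "spread": spread,
        "sequential_fraction": round(sequential, 2),
        "most_common_port": most_common_port,
        "most_common_count": most_common_count,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, sample in [("fixed", FIXED_PORTS), ("sequential", SEQUENTIAL_PORTS),
                         ("random", RANDOM_PORTS)]:
        print(name, assess_source_ports(sample))
```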