Home > Security > Further correction

Further correction

July 26, 2008 Leave a comment Go to comments

Far more than 52% of servers are vulnerable.  But unique servers that I actually see people using — that actually have people clicking my tester link — this population is actually getting safer by the day.

Categories: Security
  1. Matt
    July 26, 2008 at 7:10 pm
    Reply

    Keep up the good work. A lot of us appreciate the huge effort you are putting forth to mitigate this issue.

  2. jimtuller
    July 26, 2008 at 8:50 pm
    Reply

    Thanks for all the hard work on this.

    Running the dns-oarc test repeatedly against a major telecom isp, they seem to have a lot of different servers and if I am interpreting this correctly, about 40% are patched at this hour. So maybe a bunch of folks are working late on this…

  3. Stan
    July 26, 2008 at 10:50 pm
    Reply

    Hey Heard you on RadioLive, THANKS. Although you said Xnet’s servers were still vulnerable I used you checker and if I’m understanding it correctly I’m ok.

    again thanks!

  4. ram s
    July 27, 2008 at 3:43 am
    Reply

    sir i have put a link on my website http://www.pcguru.co.nr
    to your website to help people know about the vulnerability. Hope all our pcs are safe. many thanx for ur effort

  5. Kallol Das
    July 27, 2008 at 5:18 am
    Reply

    thanks for your good effort and guidance………

  6. kento petersen
    July 27, 2008 at 9:04 am
    Reply

    Thanks for all the hard work on this.
    We got our first server safe after a router/firewall upgrade (the dns server it self had already got the update before we found your test site).
    the tester works great, but would be nice if there was a place to insert the dns server to test. 😉

  7. L. Taylor
    July 27, 2008 at 10:00 am
    Reply

    I see a lot of people saying “it would be nice if you could put in the DNS server to test.”

    The tester works by passively monitoring the queries from your DNS server. When you click on the link, your computer asks your resolver (whatever it is) and Dan’s tester just listens.

    In order to let you enter the DNS server to test, the tester would have to ask your server to do the recursive lookups.

    If it does, you’ve already flunked the test. Badly.

  8. Antonio
    July 27, 2008 at 11:53 am
    Reply

    Sorry for my English.
    Tanks a lot. My provider don’t upgrade the servers, and the connection isn’t safe.
    I use openDNS.org. Very ok.
    From Italy.
    Bye
    Antonio

  9. netsecurity
    July 27, 2008 at 12:11 pm
    Reply

    Hi Dan,

    It would be real helpful if the IP address that is being used for the DNS check is appended to the results.

    I’m not sure which DNS the button is checking as I sit behind a firewall/router with three DNS IPs that could be used in rotation because of timeouts.

    It so happens that for me, one of them is a major backbone DNS, one is the DSL specific DNS, and one is the DNS of the web hosting service that I use.

    I’ve had DNS problems over the last several days – maybe because of patching – so it would be real nice to know which one is commonly being used.

    Thanks for the good work. Also I love your sense of humor and having your daughter – very cute – do the YouTube bit. Not many experts are that real about themselves and that they can make a mistake in judgment about the best way to solve a major problem.

    Best Regards

  10. Hristo
    July 27, 2008 at 12:22 pm
    Reply

    Here in Spain the biggest ISP (Telefonica) hasn’t patched the DNS servers yet, i’ve talked with some operators about that and they even dont know about this issue.

    So, they told me to change to some other DNS server if i have some problems ¬¬.. the problem is that 95% of their clients use the default DNS server…and they dont even plan to patch it.. pathetic IMHO xD

  11. netsecurity
    July 27, 2008 at 12:25 pm
    Reply

    Take back my prior comment about the DNS server IP as I had NoScript enabled on Firefox and it was blocking the results. Ooops. 😦

  12. Justin Bull
    July 29, 2008 at 4:08 pm
    Reply

    Rogers Cable (Canada) is an ISP that remains unpatched. I just found out now and currently using OpenDNS.

    How do we get ours ISPs to patch? Phone and complain?

  13. patan
    August 4, 2008 at 2:36 pm
    Reply

    todayy i switched to Opendns and say it is secure and the ports are completly random.

    Also i added some trustable ips to he host files to point to the right domains.

    I did complain and my ISP did not know anything about this flaw and they won’t patch it, but i hope the 7th of August when Dan will release the full details and everybody have acces to it will patch the servers.

    I don’t realy get why you did not show the details to the worls when you discovered because the half of worldwide ISP are full of dickheads.

  14. Karl Jones
    August 5, 2008 at 7:30 am
    Reply

    Any updated guess on what percentage of servers are patched at this point (8/5/8)?

  1. August 1, 2008 at 6:12 am
    Dennis Baaten Blog » DNS protocol onveilig

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: