Home > Security > Shorter Details

Shorter Details

Different analogy:

Before the attack:  A bad guy has a one in sixty five thousand chance of stealing your Internet connection, but he can only try once every couple of hours.

After the attack:  A bad guy has a one in sixty five thousand chance of stealing your Internet connection, and he can try a couple thousand times a second.

After the patch: A bad guy has a one in a couple hundred million, or even a couple billion chance of stealing your Internet connection.  He can still try to do so a couple thousand times a second, but it’s going to make a lot of noise.

Categories: Security
  1. sharada rao
    July 27, 2008 at 2:35 am

    how can we opt or choose a server it is the prerogative of internet provider.

  2. July 27, 2008 at 7:36 am

    I’ve tried the “Check your DNS” using IE. I get mixed results – about 2/3 of the time it says the DNS is vulnerable, the other times it says it appears OK. I don’t know what to make of that.

  3. July 27, 2008 at 10:31 am

    Buck: You almost certainly have more than one DNS server (quite possibly three different servers listed in your config). This probably means one of the three servers you use is properly secured, while the other two are not.

    Sharada: No, unless your ISP has particularly draconian port filtering you’re free to use OpenDNS or run your own DNS server.

    I’m very glad both of the tool here, and of the existence of DNS servers paranoid enough to have been secure against this attack anyway – just a little concerned my Win2003 server still hasn’t received a patch from MS. (I’ve secured it in other ways, so it isn’t a problem for the users of that server, but still…)

  4. Rodney Buike
    July 27, 2008 at 4:25 pm

    James there has been a patch avaiable since July 8th.

    http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

  5. Nicholas Weaver
    July 28, 2008 at 1:11 pm

    Better yet: Don’t cache glue: An attacker now can only try once every few hours regardless of the attack space.

  6. July 28, 2008 at 8:34 pm

    Perhaps a picture helps make this clear?

    For a graphical before and after picture of the bind patch take a look at these graphs:

    http://www.coverfire.com/archives/2008/07/26/dns-query-udp-source-port-graphs/

    For more interesting DNS graphs (not patch related):

    http://www.coverfire.com/archives/2008/07/28/more-fun-with-dns-packet-captures/

    [Sorry, to pimp my own site but I think these graphs are interesting.]

  7. July 29, 2008 at 9:15 am

    Rodney: I’d seen the patch; it turns out the WSUS server was having some unrelated issues, since resolved.

    Interestingly – or scarily – when I tested over the weekend, *all* of BT’s DNS servers appeared vulnerable (scoring ‘POOR’ on the dns-oarc test, with sub-150 SDs). My own home ISP’s servers are fine, though.

  1. July 28, 2008 at 1:45 am
  2. August 1, 2008 at 7:27 am
  3. August 3, 2008 at 7:28 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: