
Shorter Details

Different analogy:

Before the attack: A bad guy has a one in sixty five thousand chance of stealing your Internet connection, but he can only try once every couple of hours.

After the attack: A bad guy has a one in sixty five thousand chance of stealing your Internet connection, and he can try a couple thousand times a second.

After the patch: A bad guy has a one in a couple hundred million, or even a couple billion chance of stealing your Internet connection. He can still try to do so a couple thousand times a second, but it’s going to make a lot of noise.
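To put numbers on the analogy, here is an added example (mine, not from the original post): each scenario is modelled as a guess space the forged reply must match and an attempt rate, from which we get the mean time to a successful poisoning, the success probability inside a window, and how many forged replies a defender would see before the attacker reaches even odds. The 65,536 transaction IDs, one attempt per 7,200 s, 2,000 attempts/s and ~64,000 usable source ports are assumptions chosen to match the analogy, not measurements.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    guess_space: int            # equally likely values a forged reply must match
    attempts_per_second: float  # how often the attacker gets to guess

    @property
    def p(self) -> float:
        return 1.0 / self.guess_space

    def expected_seconds_to_success(self) -> float:
        # Geometric distribution: mean number of attempts is 1/p.
        return self.guess_space / self.attempts_per_second

    def success_probability_within(self, seconds: float) -> float:
        # P(at least one hit in n independent tries) = 1 - (1 - p)^n,
        # via log1p so a tiny p does not lose precision.
        n = self.attempts_per_second * seconds
        return 1.0 - math.exp(n * math.log1p(-self.p))

    def packets_for_even_odds(self) -> float:
        # Forged replies needed before success probability reaches 50%:
        # the "noise" a defender can watch for on the wire.
        return math.log(0.5) / math.log1p(-self.p)


# Assumed parameters matching the analogy (not measurements): a 16-bit
# transaction ID gives 65,536 guesses; "once every couple of hours" is one
# attempt per 7,200 s; "a couple thousand times a second" is 2,000/s; the
# patch adds roughly 64,000 usable random source ports.
TXID_SPACE = 65_536
PORT_SPACE = 64_000

SCENARIOS = (
    Scenario("before the attack", TXID_SPACE, 1 / 7_200),
    Scenario("after the attack", TXID_SPACE, 2_000),
    Scenario("after the patch", TXID_SPACE * PORT_SPACE, 2_000),
)


def summarize(window_seconds: float = 10.0) -> dict:
    """Scenario name -> (mean seconds to success, P(success in window), replies to 50%)."""
    return {s.name: (s.expected_seconds_to_success(),
                     s.success_probability_within(window_seconds),
                     s.packets_for_even_odds()) for s in SCENARIOS}


if __name__ == "__main__":
    for name, (secs, prob, pkts) in summarize().items():
        print(f"{name:18s} mean {secs / 86_400:10.2f} days  P(10 s)={prob:.2e}  replies to 50%={pkts:.3g}")
```

With these assumptions the mean time to success goes from about fifteen years before the attack, to about 33 seconds after it, to about 24 days after the patch, while the patched case needs on the order of three billion forged replies for even odds, which is the "lot of noise" the post refers to.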

Categories: Security
  1. sharada rao
    July 27, 2008 at 2:35 am

    How can we opt for or choose a server? It is the prerogative of the Internet provider.

  2. July 27, 2008 at 7:36 am

    I’ve tried the “Check your DNS” using IE. I get mixed results – about 2/3 of the time it says the DNS is vulnerable, the other times it says it appears OK. I don’t know what to make of that.

  3. July 27, 2008 at 10:31 am

    Buck: You almost certainly have more than one DNS server (quite possibly three different servers listed in your config). This probably means one of the three servers you use is properly secured, while the other two are not.

    Sharada: No, unless your ISP has particularly draconian port filtering you’re free to use OpenDNS or run your own DNS server.

    I’m very glad both of the tool here, and of the existence of DNS servers paranoid enough to have been secure against this attack anyway – just a little concerned my Win2003 server still hasn’t received a patch from MS. (I’ve secured it in other ways, so it isn’t a problem for the users of that server, but still…)

  4. Rodney Buike
    July 27, 2008 at 4:25 pm

    James, there has been a patch available since July 8th.

    http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

  5. Nicholas Weaver
    July 28, 2008 at 1:11 pm

    Better yet: Don’t cache glue: An attacker now can only try once every few hours regardless of the attack space.

  6. July 28, 2008 at 8:34 pm

    Perhaps a picture helps make this clear?

    For a graphical before and after picture of the bind patch take a look at these graphs:

    http://www.coverfire.com/archives/2008/07/26/dns-query-udp-source-port-graphs/

    For more interesting DNS graphs (not patch related):

    http://www.coverfire.com/archives/2008/07/28/more-fun-with-dns-packet-captures/

    [Sorry, to pimp my own site but I think these graphs are interesting.]

  7. July 29, 2008 at 9:15 am

    Rodney: I’d seen the patch; it turns out the WSUS server was having some unrelated issues, since resolved.

    Interestingly – or scarily – when I tested over the weekend, *all* of BT’s DNS servers appeared vulnerable (scoring ‘POOR’ on the dns-oarc test, with sub-150 SDs). My own home ISP’s servers are fine, though.
