Results 1 to 6 of 6

Thread: Attack's on DNS system's - an article

  1. #1
    Join Date
    Aug 2004

    Post Attack's on DNS system's - an article


    Source : http://enterprisesecurity.symantec.c...articleid=5520

    The SANS Institute's Internet Storm Center (ISC) issued a warning on Thursday about the new attacks, which corrupt some DNS (domain name system) servers so that requests for .com sites sent to those servers connect users instead to Web sites maintained by the attackers. News of the new attacks comes amid increasing reports of pharming scams, and statistics that show at least 1,300 Internet domains were redirected to compromised Web servers in a similar attack earlier in early March.

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    The Great White North
    Because of these attacks, the Internet Storm Center has raised it's threat level to yellow from green.

    The yellow level is defined as:

    We are currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are adviced to take immediate specific action to contain the impact. Example: 'MSBlaster' worm outbreak.

  3. #3
    Interesting.......thanks for the heads up.

  4. #4
    Senior Member
    Join Date
    Jan 2005
    In case you want it: the ISC Handler's Diary (http://isc.sans.org/).

    Also - just in case you don't have it MS Information Links:

    "DNS Server Secure Cache Against Pollution Setting":

    Which also has a link for "How to Prevent DNS Cache Pollution":
    \"An ant may well destroy a whole dam.\" - Chinese Proverb
    \"Not only can water float a craft, it can sink it also.\" - Chinese Proverb


  5. #5
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Users are adviced to take immediate specific action to contain the impact. Example: 'MSBlaster' worm outbreak.

    I dunno if you guys know how much it sucks to have been working a Dial up Network Operations Center when that hit. We are running MAX ASCEND TNT Access Servers.. anyways they usually take about 552 calls, and route then to the internet at their dial up speed. We have 52 of these. SO thats like, 28,704 users online that i manage. NOT including the outsourced POPs.

    SO imagine, when 28,704 dial up users start scanning at a flood like rate. A DS3 is plugged into each Access Server to provide bandwidth for the users... apparently... 552 users scanning at once is far more than 40 MBPS. (DS3 cap)

    Needless to say, it was like a dos attack on our access servers. It was a nightmare for like 3 hour dial up downtime, till we found a filter that stopped the scanners packets.

    ah memories...
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  6. #6
    Join Date
    Oct 2002
    Sorry to raise an old thread, but it looks like Comcast Broadband got his with this in chicago last night. I'm a home user so it's impossibe to get any real information from tech support. Our DNS servers went down, but everything else was fine. I was able to resolve 2 addresses, a google search, and then a regular website I visit, but the speed was comparable to an old 14.4 modem. It appears that they were having some real big problems. My first call to them gave me an automatic message saying that there was a service interruption and that their call center was slammed. I called again and actually got someone (in less time then when there isn't a service interruption...quite odd) but they said that all of their DNS servers were down. I asked them if they knew any public ones for me to connect to, or backups, and dude said "If there are, they're down too" "You can surf by IP address though" at this point i thanked them for their lack of foresight in not even having a public backup of some kind. I phoned a buddy of mine and got a public DNS server and it managed to work, but i was experiencing an incredible amount of lag. I chocked it up to travel time in the resolving of the names, but it didn't seem right. Anyhoo, all's back to normal, but I can't help but think that Comcast got popped by this last night.

    <edited because i'm a retard and can't make a clear point. i love mornings>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts