April 6th, 2005, 02:36 PM
Attacks on DNS systems - an article
Source : http://enterprisesecurity.symantec.c...articleid=5520
The SANS Institute's Internet Storm Center (ISC) issued a warning on Thursday about the new attacks, which corrupt some DNS (domain name system) servers so that requests for .com sites sent to those servers connect users instead to Web sites maintained by the attackers. News of the new attacks comes amid increasing reports of pharming scams, and statistics that show at least 1,300 Internet domains were redirected to compromised Web servers in a similar attack earlier in early March.
April 6th, 2005, 02:50 PM
Because of these attacks, the Internet Storm Center has raised its threat level to yellow from green.
The yellow level is defined as:
We are currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are advised to take immediate specific action to contain the impact. Example: 'MSBlaster' worm outbreak.
April 6th, 2005, 04:37 PM
Interesting.......thanks for the heads up.
April 6th, 2005, 05:22 PM
In case you want it: the ISC Handler's Diary (http://isc.sans.org/).
Also - just in case you don't have it MS Information Links:
"DNS Server Secure Cache Against Pollution Setting":
Which also has a link for "How to Prevent DNS Cache Pollution":
April 7th, 2005, 03:53 AM
Users are advised to take immediate specific action to contain the impact. Example: 'MSBlaster' worm outbreak.
I dunno if you guys know how much it sucks to have been working a Dial up Network Operations Center when that hit. We are running MAX ASCEND TNT Access Servers.. anyways they usually take about 552 calls, and route them to the internet at their dial up speed. We have 52 of these. So that's like, 28,704 users online that I manage. NOT including the outsourced POPs.
So imagine, when 28,704 dial up users start scanning at a flood like rate. A DS3 is plugged into each Access Server to provide bandwidth for the users... apparently... 552 users scanning at once is far more than 40 MBPS. (DS3 cap)
Needless to say, it was like a DoS attack on our access servers. It was a nightmare for like 3 hours of dial up downtime, till we found a filter that stopped the scanners' packets.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
April 8th, 2005, 04:29 PM
Sorry to raise an old thread, but it looks like Comcast Broadband got hit with this in Chicago last night. I'm a home user so it's impossible to get any real information from tech support. Our DNS servers went down, but everything else was fine. I was able to resolve 2 addresses, a google search, and then a regular website I visit, but the speed was comparable to an old 14.4 modem. It appears that they were having some real big problems. My first call to them gave me an automatic message saying that there was a service interruption and that their call center was slammed. I called again and actually got someone (in less time than when there isn't a service interruption...quite odd) but they said that all of their DNS servers were down. I asked them if they knew any public ones for me to connect to, or backups, and dude said "If there are, they're down too", "You can surf by IP address though". At this point I thanked them for their lack of foresight in not even having a public backup of some kind. I phoned a buddy of mine and got a public DNS server and it managed to work, but I was experiencing an incredible amount of lag. I chalked it up to travel time in the resolving of the names, but it didn't seem right. Anyhoo, all's back to normal, but I can't help but think that Comcast got popped by this last night.
<edited because i'm a retard and can't make a clear point. i love mornings>