DNS flaw: attack code published

Printable View

July 24th, 2008, 02:30 PM
Negative

DNS flaw: attack code published

Sure didn't take long :)

Quote:

http://blogs.zdnet.com/security/?p=1545&tag=nl.e539
Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool.

Attack code available here: http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
July 24th, 2008, 03:40 PM
LKP

Well, it was just a matter of time he he although the question could be if that attack code could be available as it's now if the details of the DNS flaw weren't leaked
July 25th, 2008, 01:44 AM
C:\Saw

OpenDNS--try it

it is free and much faster than your ISP's DNS servers :cool:

http://www.opendns.com/

(it does NOT suffer from this new DNS poisoning vulnerability)...for now

edit: there is no available linux client updater unfortunately
July 25th, 2008, 02:23 AM
Negative

I changed to OpenDNS a while ago after finding out that RoadRunner (TWC) still hasn't patched... I just checked, and they're still vulnerable (TWC, that is)...
July 25th, 2008, 03:48 AM
LKP

Quote:

Originally Posted by C:\Saw

edit: there is no available linux client updater unfortunately

Actually, there is, you can use inadyn, check here:
http://forums.opendns.com/comments.php?DiscussionID=157

and here:
http://fwennberg.blogspot.com/2007/0...ned-linux.html
July 28th, 2008, 11:21 PM
cross

There an easy way to tell if my ISP (comcast) is vuln or not?
Or should I just install openDNS to be on the safe side (used to have it, worked great)
July 28th, 2008, 11:57 PM
Negative

Quote:

There an easy way to tell if my ISP (comcast) is vuln or not?

Check http://www.doxpara.com/
July 29th, 2008, 07:02 AM
nihil

Otherwise try this:

https://www.dns-oarc.net/oarc/services/dnsentropy

From what I can gather Comcast is supposed to be OK now.

I have also heard that these tests can produce false negatives due to interactions between the test and other security measures in place on the servers?

:)
July 30th, 2008, 04:07 PM
Tachyon

Quote:

"It's funny," he said.(HD Moore of metasploit fame) "I got owned."

At least he has a sense of humor. His company, BreakPoint, uses AT&T which got owned presumably via his metasploit program.

http://www.networkworld.com/news/200...-a-victim.html
July 30th, 2008, 10:09 PM
KorpDeath

It's a far more serious problem than he is letting on here:
http://www.thetechherald.com/article...-was-NOT-Pwned

I have several customers that are having serious mail problems because ATT is, I believe, being attacked. A tech at ATT said he can have me change my customers DNS info but that'll only last so long as the extra load on those servers will cause a DOS also. So...

Hmmm.

Gotta love service providers.

All times are GMT +1. The time now is 04:16 PM.