Most of the vendors have released patches/upgrades for the DNS Cache Poisoning attack.So the best approach is to patch/upgrade the vulnerable devices.
Thanks, Aditya Govind Mukadam On Fri, Jul 18, 2008 at 7:14 AM, Michael Rash <[EMAIL PROTECTED]> wrote: > In addition to detection, how about prevention? There is a an easy way > to thwart the attack (most likely) for those DNS servers that are deployed > on (or behind) either Linux or OpenBSD without patching the DNS server > (which is preferrable of course, but not everyone can): > > http://www.cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html > http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html > > --Mike > > > On Jul 17, 2008, Joel Esler wrote: > >> There are Shared Object rules available for the DNS Cache Poisoning attack >> that are VRT certified available via subscription at www.snort.org. >> >> J >> >> On Jul 16, 2008, at 10:38 PM, Ravi Chunduru wrote: >> >>> Does anybody have snort or Intrupro-IPS signature(s) to detect DNS >>> Cache Poisoning attack? >>> Also, is there any PoC to simulate the attack and test the >>> effectiveness of signature(s)? >>> >>> thanks >>> Ravi >>> >>> ------------------------------------------------------------------------ >>> Test Your IDS >>> >>> Is your IDS deployed correctly? >>> Find out quickly and easily by testing it >>> with real-world attacks from CORE IMPACT. >>> Go to >>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw >>> to learn more. >>> ------------------------------------------------------------------------ >>> >> >> >> ------------------------------------------------------------------------ >> Test Your IDS >> >> Is your IDS deployed correctly? >> Find out quickly and easily by testing itwith real-world attacks from CORE >> IMPACT. >> Go to >> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfwto >> learn more. >> ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > to learn more. > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
