Do you know about the big DNS vulnerability that was recently unveiled?  
It required that ISPs update their DNS servers or be vulnerable to some 
very serious hijacking.

I use OpenDNS's servers.  They are kept up to date and offer some nice 
little features like DNS name correction (say you enter .eud, instead of 
.edu, it corrects this and forwards you to the .edu address.)

Chris


Richard Thomas wrote:
> Is anyone else having issues out there with DNS requests which should 
> fail resolving to a search engine? This is with Butler net residential. 
> I've written to Bill but would be interested to hear if it's happening 
> with business or other ISPs (it's not happening with my work stuff). 
> I've narrowed it down and it's like the requests to the root and top 
> level domain servers are being hijacked...
>
>  From my home network
>
>     [EMAIL PROTECTED]:/etc# dig qweqpoqwiepoqiwepqiwe.com @d.gtld-servers.net
>
>     ; <<>> DiG 9.4.1 <<>> qweqpoqwiepoqiwepqiwe.com @d.gtld-servers.net
>     ; (1 server found)
>     ;; global options:  printcmd
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10473
>     ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
>     ;; WARNING: recursion requested but not available
>
>     ;; QUESTION SECTION:
>     ;qweqpoqwiepoqiwepqiwe.com.     IN      A
>
>     ;; ANSWER SECTION:
>     qweqpoqwiepoqiwepqiwe.com. 60   IN      A       8.15.7.102
>     qweqpoqwiepoqiwepqiwe.com. 60   IN      A       63.251.179.28
>
>     ;; AUTHORITY SECTION:
>     qweqpoqwiepoqiwepqiwe.com. 65535 IN     NS      WSC2.JOMAX.NET.
>     qweqpoqwiepoqiwepqiwe.com. 65535 IN     NS      WSC1.JOMAX.NET.
>
>     ;; Query time: 752 msec
>     ;; SERVER: 192.31.80.30#53(192.31.80.30)
>     ;; WHEN: Thu Sep 25 14:59:33 2008
>     ;; MSG SIZE  rcvd: 131
>
>
>  From Outside:
>
>     [EMAIL PROTECTED]:~$ dig qweqpoqwiepoqiwepqiwe.com @d.gtld-servers.net
>
>     ; <<>> DiG 9.4.1 <<>> qweqpoqwiepoqiwepqiwe.com @d.gtld-servers.net
>     ; (1 server found)
>     ;; global options:  printcmd
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40084
>     ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>     ;; WARNING: recursion requested but not available
>
>     ;; QUESTION SECTION:
>     ;qweqpoqwiepoqiwepqiwe.com.     IN      A
>
>     ;; AUTHORITY SECTION:
>     com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1222372779 1800 900 604800 900
>
>     ;; Query time: 56 msec
>     ;; SERVER: 192.31.80.30#53(192.31.80.30)
>     ;; WHEN: Thu Sep 25 14:59:57 2008
>     ;; MSG SIZE  rcvd: 116
>
> The IP for resolves to the same on both systems (192.31.80.30)
>
> If this is a known hack, I'd like to hear too. Though everything looks 
> clean as far as I can tell.
>
> Rich
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"NLUG" group.
-~----------~----~----~----~------~----~------~--~---
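
Added example, not part of either message above: a small Python check that compares two `dig` captures of the same query to the same server and reports where the answers diverge, which is the comparison Richard did by eye. The function names `parse_dig` and `compare` are made up for this sketch, and the sample input is trimmed from the quoted output with the wrapped SOA line rejoined.

```python
import re

# Trimmed from the two dig captures quoted in the message above.
HOME = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10473
;; ANSWER SECTION:
qweqpoqwiepoqiwepqiwe.com. 60   IN      A       8.15.7.102
qweqpoqwiepoqiwepqiwe.com. 60   IN      A       63.251.179.28
;; AUTHORITY SECTION:
qweqpoqwiepoqiwepqiwe.com. 65535 IN     NS      WSC2.JOMAX.NET.
qweqpoqwiepoqiwepqiwe.com. 65535 IN     NS      WSC1.JOMAX.NET.
;; SERVER: 192.31.80.30#53(192.31.80.30)
"""
OUTSIDE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40084
;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1222372779 1800 900 604800 900
;; SERVER: 192.31.80.30#53(192.31.80.30)
"""

def parse_dig(text):
    """Extract status, queried server and (type, rdata) records from dig output."""
    rec = {"status": re.search(r"status: (\w+)", text).group(1),
           "server": re.search(r"SERVER: ([\d.]+)#", text).group(1),
           "records": []}
    for line in text.splitlines():
        f = line.split()
        if not line.startswith(";") and len(f) >= 5 and f[2] == "IN":
            rec["records"].append((f[3], f[4].lower()))
    return rec

def compare(a, b):
    """Return findings when one server gives different answers to two vantage points."""
    if a["server"] != b["server"]:
        return ["captures queried different servers and cannot be compared"]
    findings = []
    if a["status"] != b["status"]:
        findings.append(f"status differs: {a['status']} vs {b['status']}")
    for here, there in ((a, b), (b, a)):
        addrs = sorted(r for t, r in here["records"] if t == "A")
        if addrs and there["status"] == "NXDOMAIN":
            findings.append("name denied elsewhere resolves here to " + ", ".join(addrs))
        ns = sorted(r for t, r in here["records"] if t == "NS")
        if ns and there["status"] == "NXDOMAIN":
            findings.append("delegation present only here: " + ", ".join(ns))
    return findings

if __name__ == "__main__":
    print("\n".join(compare(parse_dig(HOME), parse_dig(OUTSIDE))))
```

An empty result means the two vantage points agree; any finding means the reply seen on one network was not the one the queried server gave the other.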