Not on me. I'll see what I can get when Im back in the office tomorrow. On Thu, Jul 10, 2008 at 4:29 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote: > You got a copy of the source of that page, that is doing a popup to do > the re-direct? It might be another SQL injection attack from a few weeks > ago. > Z > > Edward E. Ziots > Network Engineer > Lifespan Organization > MCSE,MCSA,MCP,Security+,Network+,CCA > Phone: 401-639-3505 > > -----Original Message----- > From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 10, 2008 2:08 PM > To: NT System Admin Issues > Subject: Re: Major DNS protocol issue effecting most implementations of > DNS > > One of Boston.com's pop-up advertisers is currently redirecting to a > download. Is it the DNS exploit in action? I dunno, but the timing is > impeccable - and is exactly what I have been expecting to see. > > > On Thu, Jul 10, 2008 at 12:44 PM, Micheal Espinola Jr > <[EMAIL PROTECTED]> wrote: >> Don't just hope. Bring it up as an issue with them. >> >> On Thu, Jul 10, 2008 at 10:25 AM, Joe Heaton <[EMAIL PROTECTED]> > wrote: >>> Well, I used the tool that was referenced on the site below, and it >>> seems my upstream name server is susceptible to this problem, so >>> hopefully they will be patching too. I have already patched my DNS >>> server, and I'm working on the client side patch now... >>> >>> Joe Heaton >>> -----Original Message----- >>> From: Ken Schaefer [mailto:[EMAIL PROTECTED] >>> Sent: Wednesday, July 09, 2008 6:58 PM >>> To: NT System Admin Issues >>> Subject: RE: Major DNS protocol issue effecting most implementations > of >>> DNS >>> >>> And what if the cache of your upstream is a victim of this attack? > :-) >>> >>> So, yes, internally you probably don't have much to fear (unless you >>> have a malicious employee, or someone else has already come in via > some >>> other means and this is a second part of an attack). But you either > need >>> to refer back to root servers or upstream DNS servers for other > zones, >>> and it's possible that they might be compromised (well, probably not > the >>> root servers) >>> >>> Cheers >>> Ken >>> >>>> -----Original Message----- >>>> From: Joe Heaton [mailto:[EMAIL PROTECTED] >>>> Sent: Thursday, 10 July 2008 2:04 AM >>>> To: NT System Admin Issues >>>> Subject: RE: Major DNS protocol issue effecting most implementations >>> of DNS >>>> >>>> So this is pointed more at public name servers, right? Not internal >>>> DNS? I do our internal stuff, but forward everything else to our >>> "ISP", >>>> which is another state agency. >>>> >>>> Joe Heaton >>>> >>>> -----Original Message----- >>>> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] >>>> Sent: Wednesday, July 09, 2008 8:33 AM >>>> To: NT System Admin Issues >>>> Subject: Re: Major DNS protocol issue effecting most implementations >>> of >>>> DNS >>>> >>>> This blog has a good overview and some relevant info in the comments >>>> (a lot of bs in there too though): >>>> >>>> >>> > <http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issu >>>> e-in-dns-massive-multivendor-patch-released/> >>>> >>>> On Wed, Jul 9, 2008 at 11:23 AM, Micheal Espinola Jr >>>> <[EMAIL PROTECTED]> wrote: >>>> > Affected systems include both client and server systems [that >>>> > implement DNS caching and stub resolution], and any other > networked >>>> > systems that include this functionality. >>>> > >>>> > * US-CERT (TA08-190B) Multiple DNS implementations vulnerable to >>> cache >>>> > poisoning - >>>> > <http://www.us-cert.gov/cas/techalerts/TA08-190B.html> >>>> > * Microsoft Security Bulletin MS08-037 - >>>> > >>>> <http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx> >>>> > >>>> > -- >>>> > ME2 >>>> > >>>> > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ >>>> > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ >>>> > >>>> >>>> >>>> >>>> >>>> -- >>>> ME2 >>>> >>>> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ >>>> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ >>>> >>>> No virus found in this incoming message. >>>> Checked by AVG. >>>> Version: 8.0.101 / Virus Database: 270.4.6/1540 - Release Date: >>> 7/8/2008 >>>> 6:33 AM >>>> >>>> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ >>>> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ >>> >>> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ >>> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ >>> >>> No virus found in this incoming message. >>> Checked by AVG - http://www.avg.com >>> Version: 8.0.138 / Virus Database: 270.4.7/1542 - Release Date: > 7/9/2008 >>> 6:50 AM >>> >>> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ >>> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ >>> >> >> >> >> >> -- >> ME2 >> >> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ >> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ >> > > > > > -- > ME2 > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ >
-- ME2 ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
