Re: DNS Attacks

2008-07-31 Thread Bill Davidsen
ksh shrm wrote: Is there anything we all care about. We are normal users who don't have any server at home. Just a PC with internet connection to surf. Then you are safe as long as you don't shop, bank, use a search engine, or ever provide any information of any nature you don't want to be

Re: DNS Attacks

2008-07-31 Thread Bill Davidsen
James Kosin wrote: Everyone, The DNS attacks are starting!!! Below is a snippet of a logwatch from last night. Be sure all DNS servers are updated if at all possible. The spooks are out in full on this security vulnerability in force. THIS IS YOUR LAST WARNING...!!! Patch or Upgrade NOW

Re: DNS Attacks

2008-07-28 Thread Andrew Kelly
On Fri, 2008-07-25 at 13:32 -0500, Les Mikesell wrote: Björn Persson wrote: If you are really paranoid (or about to do large transactions on what you hope is your banking site), you could do a 'whois' lookup for the target domain to find their own name servers and send a query directly

Re: DNS Attacks

2008-07-28 Thread Tim
On Mon, 2008-07-28 at 10:58 +0200, Andrew Kelly wrote: I've made the decision to surf the Internet using only a sketch pad and sticks of medium charcoal for the next several months, until this is all resolved. Last time something like this happened my cousin caught a trojan that got into is

Re: DNS Attacks

2008-07-26 Thread Björn Persson
Les Mikesell wrote: You aren't paranoid enough. What if the spoofer is also a system administrator at the bank with access to a copy of the real certificate that he installs on the machine he's tricked your dns into reaching - with the expected name that you'll still see. Then the bank has

Re: DNS Attacks

2008-07-26 Thread Mikkel L. Ellertson
Björn Persson wrote: Les Mikesell wrote: You aren't paranoid enough. What if the spoofer is also a system administrator at the bank with access to a copy of the real certificate that he installs on the machine he's tricked your dns into reaching - with the expected name that you'll still see.

RE: DNS Attacks

2008-07-26 Thread bruce
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mikkel L. Ellertson Sent: Saturday, July 26, 2008 6:01 AM To: For users of Fedora Subject: Re: DNS Attacks Björn Persson wrote: Les Mikesell wrote: You aren't paranoid enough. What if the spoofer is also a system administrator at the bank

Re: DNS Attacks

2008-07-26 Thread Les Mikesell
Mikkel L. Ellertson wrote: You aren't paranoid enough. What if the spoofer is also a system administrator at the bank with access to a copy of the real certificate that he installs on the machine he's tricked your dns into reaching - with the expected name that you'll still see. Then the

Re: DNS Attacks

2008-07-26 Thread Björn Persson
Les Mikesell wrote: Yes, but controlling 'who does what' only works as long as the selected person does what you expect. Are you following the case of the San Francisco network admin that refused to give the password to anyone else? This may not even be malicious (he may just think everyone

Re: DNS Attacks

2008-07-26 Thread Les Mikesell
Björn Persson wrote: Could you elaborate on how whois guards against malicious system administrators? It spreads the number of things that have to be compromised to fool you. The person who had access to copy the security certificate may not be the same one that registers the public DNS

Re: DNS Attacks

2008-07-26 Thread Nifty Fedora Mitch
On Fri, Jul 25, 2008 at 01:32:58PM -0500, Les Mikesell wrote: Björn Persson wrote: If you are really paranoid (or about to do large transactions on what you hope is your banking site), you could do a 'whois' lookup for the target domain to find their own name servers and send a query directly

DNS Attacks

2008-07-25 Thread James Kosin
Everyone, The DNS attacks are starting!!! Below is a snippet of a logwatch from last night. Be sure all DNS servers are updated if at all possible. The spooks are out in full on this security vulnerability in force. THIS IS YOUR LAST WARNING...!!! Patch or Upgrade NOW! James Kosin A long

Re: DNS Attacks

2008-07-25 Thread Jim van Wel
Zhe zombies are coming But we are all aware of this fact after release of the patch ;) Greetings, Jim. Everyone, The DNS attacks are starting!!! Below is a snippet of a logwatch from last night. Be sure all DNS servers are updated if at all possible. The spooks are out in full

Re: DNS Attacks

2008-07-25 Thread James Kosin
Jim van Wel wrote: Zhe zombies are coming But we are all aware of this fact after release of the patch ;) Greetings, Jim. I know; but there is always somebody who always says, It won't happen to me. And sadly they usually never learn their lesson even if repeated multiple times. I

Re: DNS Attacks

2008-07-25 Thread ksh shrm
Is there anything we all care about. We are normal users who don't have any server at home. Just a PC with internet connection to surf. adios KSH SHRM People don't care how much you know, until they know how much you care... 2008/7/25 James Kosin [EMAIL PROTECTED]: Jim van Wel wrote: Zhe

Re: DNS Attacks

2008-07-25 Thread Wolfgang S. Rupprecht
James Kosin [EMAIL PROTECTED] writes: client 143.215.143.11 query (cache) 'com/ANY/IN' denied: 30 Time(s) client 143.215.143.11 query (cache) 'gmail.com/ANY/IN' denied: 32 Time(s) client 143.215.143.11 query (cache) 'hotmail.com/ANY/IN' denied: 31 Thanks for posting. Maybe this

Re: DNS Attacks

2008-07-25 Thread Mikkel L. Ellertson
ksh shrm wrote: Is there anything we all care about. We are normal users who don't have any server at home. Just a PC with internet connection to surf. adios KSH SHRM I guess there era a lot of abnormal users on this list them. And it is a concern even if you do not run a name server,

RE: DNS Attacks

2008-07-25 Thread bruce
] [mailto:[EMAIL PROTECTED] Behalf Of Mikkel L. Ellertson Sent: Friday, July 25, 2008 9:56 AM To: For users of Fedora Subject: Re: DNS Attacks ksh shrm wrote: Is there anything we all care about. We are normal users who don't have any server at home. Just a PC with internet connection to surf

Re: DNS Attacks

2008-07-25 Thread Les Mikesell
bruce wrote: As I understand the issue. The issue is one of being able to poison the DNS app on the DNS server. There's not really much the casual user can do, aside from switching to another DNS/IP address that's safe. But the rub is, do you really know if the DNS/IP you're switching to is

Re: DNS Attacks

2008-07-25 Thread James Kosin
Wolfgang S. Rupprecht wrote: James Kosin [EMAIL PROTECTED] writes: client 143.215.143.11 query (cache) 'com/ANY/IN' denied: 30 Time(s) client 143.215.143.11 query (cache) 'gmail.com/ANY/IN' denied: 32 Time(s) client 143.215.143.11 query (cache) 'hotmail.com/ANY/IN' denied: 31 Thanks

Re: DNS Attacks

2008-07-25 Thread Wolfgang S. Rupprecht
James Kosin [EMAIL PROTECTED] writes: But, the patches out don't fix the issue totally. That would require a complete re-write of the DNS and how DNS works. This is something already in the works. The patch just makes it more difficult to trigger the issue. I'm using the patched version

Re: DNS Attacks

2008-07-25 Thread James Kosin
Les Mikesell wrote: bruce wrote: As I understand the issue. The issue is one of being able to poison the DNS app on the DNS server. There's not really much the casual user can do, aside from switching to another DNS/IP address that's safe. But the rub is, do you really know if the DNS/IP

Re: DNS Attacks

2008-07-25 Thread Björn Persson
Mikkel L. Ellertson wrote: ksh shrm wrote: Is there anything we all care about. We are normal users who don't have any server at home. I guess there era a lot of abnormal users on this list them. Yeah, I'm abnormal. And my DNS server is upgraded. Björn Persson -- fedora-list mailing

Re: DNS Attacks

2008-07-25 Thread Björn Persson
Les Mikesell wrote: If you are really paranoid (or about to do large transactions on what you hope is your banking site), you could do a 'whois' lookup for the target domain to find their own name servers and send a query directly there for the target site. Check that the domain name in the

RE: DNS Attacks

2008-07-25 Thread bruce
To: For users of Fedora Subject: Re: DNS Attacks Les Mikesell wrote: If you are really paranoid (or about to do large transactions on what you hope is your banking site), you could do a 'whois' lookup for the target domain to find their own name servers and send a query directly

Re: DNS Attacks

2008-07-25 Thread Les Mikesell
Björn Persson wrote: If you are really paranoid (or about to do large transactions on what you hope is your banking site), you could do a 'whois' lookup for the target domain to find their own name servers and send a query directly there for the target site. Check that the domain name in the

Re: DNS Attacks

2008-07-25 Thread Wolfgang S. Rupprecht
Les Mikesell [EMAIL PROTECTED] writes: James They'd have to spoof several things at once to keep it from being obvious but you are right, the whois result will give names that you have to look up somehow. Go for the gusto. Spoof the nameservers. Why screw around? -wolfgang -- Wolfgang S.

Re: DNS Attacks

2008-07-25 Thread Bruno Wolff III
On Fri, Jul 25, 2008 at 10:02:57 -0700, bruce [EMAIL PROTECTED] wrote: As I understand the issue. The issue is one of being able to poison the DNS app on the DNS server. There's not really much the casual user can do, aside from switching to another DNS/IP address that's safe. But the rub is,

RE: DNS Attacks

2008-07-25 Thread Björn Persson
bruce wrote: while what you say makes sense... the vast majority of people pop up their favorite browser, and go to a site.. there's no way these guys (my mother included) are going to get into the esoteric details of what goes on behind the scenes for the browser/dns/certificates/etc... They