Re: DNS Attacks

2008-07-31 Thread Bill Davidsen
James Kosin wrote: Everyone, The DNS attacks are starting!!! Below is a snippet of a logwatch from last night. Be sure all DNS servers are updated if at all possible. The spooks are out in full on this security vulnerability in force. THIS IS YOUR LAST WARNING...!!! Patch or Upgrade NOW!

Re: DNS Attacks

2008-07-31 Thread Bill Davidsen
ksh shrm wrote: Is there anything we all care about. We are normal users who don't have any server at home. Just a PC with internet connection to surf. Then you are safe as long as you don't shop, bank, use a search engine, or ever provide any information of any nature you don't want to be pu

Re: DNS Attacks

2008-07-28 Thread Tim
On Mon, 2008-07-28 at 10:58 +0200, Andrew Kelly wrote: > I've made the decision to surf the Internet using only a sketch pad > and sticks of medium charcoal for the next several months, until this > is all resolved. Last time something like this happened my cousin > caught a trojan that got into is

Re: DNS Attacks

2008-07-28 Thread Andrew Kelly
On Fri, 2008-07-25 at 13:32 -0500, Les Mikesell wrote: > Björn Persson wrote: > > > >> If you are really paranoid (or about to do large transactions on what > >> you hope is your banking site), you could do a 'whois' lookup for the > >> target domain to find their own name servers and send a quer

Re: DNS Attacks

2008-07-26 Thread Nifty Fedora Mitch
On Fri, Jul 25, 2008 at 01:32:58PM -0500, Les Mikesell wrote: > Björn Persson wrote: >> >>> If you are really paranoid (or about to do large transactions on what >>> you hope is your banking site), you could do a 'whois' lookup for the >>> target domain to find their own name servers and send a que

Re: DNS Attacks

2008-07-26 Thread Les Mikesell
Björn Persson wrote: Could you elaborate on how whois guards against malicious system administrators? It spreads the number of things that have to be compromised to fool you. The person who had access to copy the security certificate may not be the same one that registers the public DNS server

Re: DNS Attacks

2008-07-26 Thread Björn Persson
Les Mikesell wrote: > Yes, but controlling 'who does what' only works as long as the selected > person does what you expect. Are you following the case of the San > Francisco network admin that refused to give the password to anyone > else? This may not even be malicious (he may just think everyo

Re: DNS Attacks

2008-07-26 Thread Les Mikesell
Mikkel L. Ellertson wrote: You aren't paranoid enough. What if the spoofer is also a system administrator at the bank with access to a copy of the real certificate that he installs on the machine he's tricked your dns into reaching - with the expected name that you'll still see. Then the ban

RE: DNS Attacks

2008-07-26 Thread bruce
Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mikkel L. Ellertson Sent: Saturday, July 26, 2008 6:01 AM To: For users of Fedora Subject: Re: DNS Attacks Björn Persson wrote: > Les Mikesell wrote: >> You aren't paranoid enough. What if the spoo

Re: DNS Attacks

2008-07-26 Thread Mikkel L. Ellertson
Björn Persson wrote: Les Mikesell wrote: You aren't paranoid enough. What if the spoofer is also a system administrator at the bank with access to a copy of the real certificate that he installs on the machine he's tricked your dns into reaching - with the expected name that you'll still see.

Re: DNS Attacks

2008-07-26 Thread Björn Persson
Les Mikesell wrote: > You aren't paranoid enough. What if the spoofer is also a system > administrator at the bank with access to a copy of the real certificate > that he installs on the machine he's tricked your dns into reaching - > with the expected name that you'll still see. Then the bank ha

Re: DNS Attacks

2008-07-25 Thread Bruno Wolff III
On Fri, Jul 25, 2008 at 15:14:15 -0700, John Cornelius <[EMAIL PROTECTED]> wrote: > > > Bruno Wolff III wrote: >> --snip- >> Generally you mean the appropriate TLD servers as most newly registered >> domains don't go into the root servers. >> >> > Actually, I believe that they do but al

Re: DNS Attacks

2008-07-25 Thread John Cornelius
Bruno Wolff III wrote: --snip- Generally you mean the appropriate TLD servers as most newly registered domains don't go into the root servers. Actually, I believe that they do but all that they do is provide a pointer to the appropriate name server for the domain. Perhaps that's wh

Re: DNS Attacks

2008-07-25 Thread Les Mikesell
Bruno Wolff III wrote: The only real delay when adding something new is getting the registered servers for a domain into the root servers. These should be the ones Generally you mean the appropriate TLD servers as most newly registered domains don't go into the root servers. I guess thin

Re: DNS Attacks

2008-07-25 Thread Bruno Wolff III
On Fri, Jul 25, 2008 at 13:40:49 -0500, Les Mikesell <[EMAIL PROTECTED]> wrote: > James Kosin wrote: > > The only real delay when adding something new is getting the registered > servers for a domain into the root servers. These should be the ones Generally you mean the appropriate TLD serve

RE: DNS Attacks

2008-07-25 Thread Björn Persson
bruce wrote: > while what you say makes sense... the vast majority of people pop up their > favorite browser, and go to a site.. there's no way these guys (my mother > included) are going to get into the esoteric details of what goes on behind > the scenes for the browser/dns/certificates/etc... T

Re: DNS Attacks

2008-07-25 Thread Bruno Wolff III
On Fri, Jul 25, 2008 at 10:02:57 -0700, bruce <[EMAIL PROTECTED]> wrote: > As I understand the issue. The issue is one of being able to poison the DNS > app on the DNS server. There's not really much the casual user can do, aside > from switching to another DNS/IP address that's safe. But the rub

Re: DNS Attacks

2008-07-25 Thread Wolfgang S. Rupprecht
Les Mikesell <[EMAIL PROTECTED]> writes: > James> They'd have to spoof several things at once to keep it from being > obvious but you are right, the whois result will give names that you > have to look up somehow. Go for the gusto. Spoof the nameservers. Why screw around? -wolfgang -- Wolfgan

Re: DNS Attacks

2008-07-25 Thread Les Mikesell
James Kosin wrote: If you are really paranoid (or about to do large transactions on what you hope is your banking site), you could do a 'whois' lookup for the target domain to find their own name servers and send a query directly there for the target site. The best approach, would probably

Re: DNS Attacks

2008-07-25 Thread Les Mikesell
Björn Persson wrote: If you are really paranoid (or about to do large transactions on what you hope is your banking site), you could do a 'whois' lookup for the target domain to find their own name servers and send a query directly there for the target site. Check that the domain name in the

RE: DNS Attacks

2008-07-25 Thread bruce
008 11:13 AM To: For users of Fedora Subject: Re: DNS Attacks Les Mikesell wrote: > If you are really paranoid (or about to do large transactions on what > you hope is your banking site), you could do a 'whois' lookup for the > target domain to find their own name servers and sen

Re: DNS Attacks

2008-07-25 Thread Björn Persson
Les Mikesell wrote: > If you are really paranoid (or about to do large transactions on what > you hope is your banking site), you could do a 'whois' lookup for the > target domain to find their own name servers and send a query directly > there for the target site. Check that the domain name in th

Re: DNS Attacks

2008-07-25 Thread Björn Persson
Mikkel L. Ellertson wrote: > ksh shrm wrote: > > Is there anything we all care about. > > We are normal users who don't have any server at home. > > I guess there are a lot of abnormal users on this list then. Yeah, I'm abnormal. And my DNS server is upgraded. Björn Persson -- fedora-list maili

Re: DNS Attacks

2008-07-25 Thread James Kosin
Les Mikesell wrote: bruce wrote: As I understand the issue. The issue is one of being able to poison the DNS app on the DNS server. There's not really much the casual user can do, aside from switching to another DNS/IP address that's safe. But the rub is, do you really know if the DNS/IP you'

Re: DNS Attacks

2008-07-25 Thread Wolfgang S. Rupprecht
James Kosin <[EMAIL PROTECTED]> writes: > But, the patches out don't fix the issue totally. That would require > a complete re-write of the DNS and how DNS works. This is something > already in the works. > The patch just makes it more difficult to trigger the issue. I'm > using the patched ver

Re: DNS Attacks

2008-07-25 Thread James Kosin
Wolfgang S. Rupprecht wrote: James Kosin <[EMAIL PROTECTED]> writes: client 143.215.143.11 query (cache) 'com/ANY/IN' denied: 30 Time(s) client 143.215.143.11 query (cache) 'gmail.com/ANY/IN' denied: 32 Time(s) client 143.215.143.11 query (cache) 'hotmail.com/ANY/IN' denied: 31 Thanks

Re: DNS Attacks

2008-07-25 Thread Les Mikesell
bruce wrote: As I understand the issue. The issue is one of being able to poison the DNS app on the DNS server. There's not really much the casual user can do, aside from switching to another DNS/IP address that's safe. But the rub is, do you really know if the DNS/IP you're switching to is safe!

RE: DNS Attacks

2008-07-25 Thread bruce
ge- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mikkel L. Ellertson Sent: Friday, July 25, 2008 9:56 AM To: For users of Fedora Subject: Re: DNS Attacks ksh shrm wrote: > Is there anything we all care about. > We are normal users who don't have any server at home. >

Re: DNS Attacks

2008-07-25 Thread Mikkel L. Ellertson
ksh shrm wrote: Is there anything we all care about. We are normal users who don't have any server at home. Just a PC with internet connection to surf. adios KSH SHRM I guess there are a lot of abnormal users on this list then. And it is a concern even if you do not run a name server, becaus

Re: DNS Attacks

2008-07-25 Thread Wolfgang S. Rupprecht
James Kosin <[EMAIL PROTECTED]> writes: >client 143.215.143.11 query (cache) 'com/ANY/IN' denied: 30 Time(s) >client 143.215.143.11 query (cache) 'gmail.com/ANY/IN' denied: 32 > Time(s) >client 143.215.143.11 query (cache) 'hotmail.com/ANY/IN' denied: 31 Thanks for posting. Maybe thi

Re: DNS Attacks

2008-07-25 Thread ksh shrm
Is there anything we all care about. We are normal users who don't have any server at home. Just a PC with internet connection to surf. adios KSH SHRM People don't care how much you know, until they know how much you care... 2008/7/25 James Kosin <[EMAIL PROTECTED]>: > Jim van Wel wrote: > >>

Re: DNS Attacks

2008-07-25 Thread James Kosin
Jim van Wel wrote: Zhe zombies are coming But we are all aware of this fact after release of the patch ;) Greetings, Jim. I know; but there is always somebody who always says, "It won't happen to me." And sadly they usually never learn their lesson even if repeated multiple times. I at

Re: DNS Attacks

2008-07-25 Thread Jim van Wel
Zhe zombies are coming But we are all aware of this fact after release of the patch ;) Greetings, Jim. > Everyone, > > The DNS attacks are starting!!! > Below is a snippet of a logwatch from last night. Be sure all DNS > servers are updated if at all possible. The spooks are out in full on