DNS Blackhole attack
Rachael Treu
rara at navigo.com
Mon Mar 7 19:40:56 UTC 2005
On Mon, Mar 07, 2005 at 11:38:53AM +0000, Ketil Froyn said something to the effect of:
>
> On Sat, 2005-03-05 at 14:43 -0800, william(at)elan.net wrote:
>
> > Global DNS cache poisoning attack?; Update...
>
> It's a bit frustrating that problems this old and well-known can
> actually be used to cause damage.
Uh...see tcp ports 135 through 139, and give thought to smtp
as a protocol. And I hear the water is lovely in nis, nfs, and
rpc this time of year... ;P
>
> The easiest way to check if you are vulnerable to DNS poisoning is to
> try to poison yourself. Try my "poison yourself" page here:
>
> http://ketil.froyn.name/poison.html
Nice, handy resource.
What's up with the patching problems, btw?
whee,
--ra
--
k. rachael treu, CISSP rara at navigo.com
..quis custodiet ipsos custodes?..
>
> It tries to redirect www.example.com to a fake IP (the same one as I
> host my website on), where I have a virtualhost for www.example.com with
> a plain html page. It'll tell you if you were poisoned.
>
> Cheers,
> Ketil Froyn
>
More information about the NANOG
mailing list