Chat
Micro Mart Forum
Home       Members    Calendar    Who's On
Welcome Guest ( Login | Register )
        

Home » Micro Mart Forums » Linux Mart » DNS Cache Poisoning
««12

DNS Cache Poisoning Expand / Collapse
Author
Message
Posted 27/07/2008 23:48:02


Pentium

PentiumPentiumPentiumPentiumPentium

Group: Forum Members
Last Login: Today @ 19:35:28
Posts: 5,437, Visits: 28,984
yes. but the problem is that Google (for example) link to the domain names - your browser still has to query and resolve that to an IP (via a strign of DNS servers) when you click the link. Using a search engine does NOT get you past a cache poisoning attack. It avoids phishing etc. only

If the cache poisoning occurs on one of the DNS servers you use (ie your ISP's one - probably) then all your web requests are at risk!

@Edp: I wasnt suggesting you were paranoid! Far from it Just that if you are careful and alert it probably wont affect you. I actually have a custom FireFox plugin that I simply cache all my important IP's (forums, banks, paypal, ebay etc etc.) and if there is a domain IP mismatch (from the cache) it warns me. I have seen a few plugins like that about the addons site so have a hunt round (I'm not releasing mine for various reasons) - it's well worth the download and could serve as a good compromise rather than go the full DNS route.

We also sold our first DNS service today hopefully the scare will make some companies take notice.. £2,500 is a small price to pay for piece of mind that they have access to a secure, moderated, un-poisoned DNS server (hehe).


 Cheers,
Tom
My Crime is that of curiosity, my crime is that of outsmarting you
Post #300947
Posted 29/07/2008 09:48:01
286

286286286286286

Group: Forum Members
Last Login: Today @ 19:13:25
Posts: 497, Visits: 1,166
Thanks Tom,
I did a search for a suitable Firefox plug-in, but couldn't find one with the full functionality you described for your plugin. Pity, as your description ticks every box - monitoring, and warning on critical sites without forcing retention of possibly outdated dns addresses. If you had a commercial variant I'd buy it -- sorry I can't afford £2500!

I think I'll just stick to pdnsd using the OpenDNS server -- they claim to be fully cache poisoning resistant to the recent exploits. Having read the Kaminsky details and discussions IMO something which relies on two sets of randomization for security has a long term vulnerability if ever a blackhat succeeds in reverse engineering the central security hash for BIND on a particular server implementation. Good luck with your commercial venture, I think it has sales potential for quite some time!
Post #301135
Posted 29/07/2008 14:35:51


Pentium

PentiumPentiumPentiumPentiumPentium

Group: Forum Members
Last Login: Today @ 19:35:28
Posts: 5,437, Visits: 28,984
The trouble with my utility is that it has an annoying tendency to crash to browser every 5 minutes (not really sure why - im a bit of a noob with FF plugins).

I'll have a look at it over this weekend see if I can narrow things down....

Cheers,
Tom
My Crime is that of curiosity, my crime is that of outsmarting you
Post #301154
« Prev Topic | Next Topic »

««12

Reading This Topic Expand / Collapse
Active Users: 0 (0 guests, 0 members, 0 anonymous members)
No members currently viewing this topic.
Forum Moderators: TheEditor, DJ, malc_wright, ricedg, admin, Sarah of the Dead

Permissions Expand / Collapse

All times are GMT, Time now is 11:15pm

Powered by InstantForum.NET v4.1.4 © 2008
Execution: 0.109. 12 queries. Compression Disabled.