Skip to main content

Highly-effective Cache Poisoning Attack

What is the issue?
A method of inserting false data into a name server has been discovered by a security researcher. This method affects recursive name servers, which are usually provided by ISPs and network operators to provide DNS service to their end users. As these types of name servers remember previous lookups in a cache, they are often called caching name servers, caching resolvers or similar.

The attack relies on the fact that an attacker can send fake DNS answers in response to a query and trick it into thinking the wrong data is correct for a given domain. The method is a specific type of cache poisoning attack. It is called cache poisoning because the server remembers the wrong answer in its cache, and then provides that wrong answer in future lookups.
While similar vulnerabilities have been discovered in the past, and have been patched in software, this attack is particularly concerning as it is far more effective. This has significantly raised the level of concern.

The cache poisoning is made much more viable, in part, by the fact that many name servers use the same source port number for every one of their DNS queries. If the source port is easy to guess, an attacker can much more reliably predict how to attack the server. One mitigation technique is to therefore use a randomised source port. This helps reduce the risk of attack, but does not solve the problem entirely.

Why is this issue critical only for some domain operators?
Domains are operated on a name server configuration known as an authoritative name server. Authoritative name servers are not vulnerable to this type of attack. However, a number of domain operators use servers that are configured both as an “authoritative name server” and as a “recursive name server”. The vulnerability in the recursive portion of the name server can infect the data of the authoritative name server, therefore making the authoritative portion vulnerable.

continue reading: http://www.iana.org/reports/2008/cross-pollination-faq.html

Popular posts from this blog

Alternative Social Networks

If you are planning to create your social network e.g. similar to Facebook. Here's a short list of alternative software's:

Open Source and Free​
http://buddypress.org/ - Wordpress (Open Source and Free)http://elgg.org/ - (Open Source and Free)Commercial Social Networks software
http://www.socialengine.com/ ($299 Stand Alone, $29/mo Cloud)http://www.jomsocial.com/ (run with Joomla, need to know CMS)http://www.boonex.com/ (very expensive, $399 for Standard)http://www.anahitapolis.com/http://www.oxwall.org/http://sharetronix.com/http://www.moosocial.com/http://www.jcow.net/http://phpdolphin.comhttp://www.grou.ps (from free to Commercial, I left my networks and they are selling it http://www.phpfox.com/ (I used this before, it's hard to maintain. I moved to NING but left too after it was sold to another company)http://www.ning.com (I don't recommend using this service, it's hard to export your data when it's time to move)Something to check when selecting your next soc…

Example of Out of Office Reply for Terminated Employee

This is a sample message that I used for terminated employees, unless HR staff specified a different message.
=== Example for KING.NET Employee === John Doe (employee or consultant) is no longer with KING.NET effective June 1, 2008 (termination date). For matters relating to "Project Name here" please direct your concerns to John Smith at johnsmith@king.net (Manager or Supervisor). For all other matters, please direct your email to Mary Smith HR at marysmith@king.net.
Please call our main office 703-345-6789 if you have other concerns.
Thank you.
=== end of message ===

Frequent Account Lockout in Active Directory

I have a user in Windows Pro 7, and Windows Server 2003 environment that is frequently account locked out. I tried many different scenarios to resolve this account lockout issue, from resetting his password, changing a new password, remove and re-join the domain, rebooting the workstation and active directory servers.

I tried to use the command prompt utility to run "rundll32.exe keymgrdll, KRShowKeyMgr" (case sensitive) to delete the account in Windows 7 password cache, and still no luck.

Still searching for answer ... Let me know if you encounter a similar issue in Windows Pro 7 and Windows Server 2003.

Continue reading updated post here:
http://www.whaddya.com/2011/09/windows-needs-your-credentials.html