Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Perimeter Scan>Block a serious threat to your DNS servers

Block a serious threat to your DNS servers
Tweet

Ryan russell By Ryan Russell

A new vulnerability has been discovered in the basic design of the Web’s Domain Name System, prompting almost all of the DNS software vendors in the world to release a patch.

There are a couple of different ways to determine whether your DNS servers are vulnerable to this widespread problem.

Don’t wait to install these DNS patches

In her Patch Watch column last week, Susan Bradley described problems users of Check Point’s ZoneAlarm firewall program experienced following the release of Microsoft’s DNS patch two days earlier.

While that problem was bad enough for ZoneAlarm users, it will look like a minor hiccup compared to the potential DNS disaster waiting in the wings.

My friend and co-author Dan Kaminsky has been doing interesting DNS research for a number of years. Dan discovered a vulnerability that he claims makes DNS cache poisoning very practical. If attackers can poison your DNS cache, then they can redirect you to their evil servers whenever you try to go to www.microsoft.com, for example.

The entire process of resolving DNS names to IP addresses may be at risk. I’d like to give you all the gory details, but I don’t have them.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

Related posts:

  1. More On Time Servers and Tools
  2. Firewall Doesn’t Block “Ping”
  3. Internet Explorer has triple security threat
  4. “Personal Servers”
  5. Excel flaws pose a triple threat
= Paid content

All Windows Secrets articles posted on 2008-07-17:

  • Windows Secrets Support Alert is merging with Windows Secrets
  • Introduction New readers join us from Support Alert on July 24
  • Top Story Protect yourself from software-vendor ‘snarketing’
  • Known Issues SAN + WS = the info Windows users need
  • Wacky Web Week So that’s why they’re called flip-flops!
  • Best Software The top Firefox security and privacy add-ons
  • Woody's Windows Microsoft presents: Attack of the Killer Updates
  • Perimeter Scan Block a serious threat to your DNS servers
  •  Show all articles on a single page
Ryan Russell

About Ryan Russell

Ryan Russell is a quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias "Blue Boar." He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.
View all posts by Ryan Russell →
E-books

We’ve pored through years of back issues, picking the best tips, to create these ebooks:

E-book series
  • PC Maintenance Guide
  • PC Security Guide
  • Windows 7 Guide Vol 1
  • Windows 7 Guide Vol 2
  • Win XP Survival Guide
See the e-book series
Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb