iiNet resolved issue sometime last week rolling out patches within DNS
servers. These being brought back online and cycled over the weekend
with no apparent issues as part of their upgrade being moved forward.
This issue could also be a reason for slower than normal connections
or misleading address reconciliation, and should smooth out as the
hours online re-establish DNS protocols.
Cheer!
`Rob...
On 14Jul2008, at 10:31 am, Reg Whitely wrote:
Hi Neil and other WAMUGgers
On 10 Jul 2008, at 3:27pm, Neil Houghton wrote:
Following was internodes reply, they have issued an advisory online.
I'm leaving my DNS servers set as the OpenDNS servers for the
moment while
they sort it.
Hi Neil,
Thank you for your support request with Internode.
Please see our advisory concerning DNS cache poisoning for the
current status
of this issue.
https://secure.internode.on.net/webtools/advisories/item.html?
id=5554
If you have any further questions regarding this matter, please
reply to this
email or contact our Helpdesk by phone on 1300 788 233.
Here's an update from Internode today. doe it make sense?
Reg
https://secure.internode.on.net/webtools/advisories/item.html?id=5554
Advisory 5554 - DNS security enhancement (cache poisoning
vulnerability)
Severity Informational
Source Internode
Start Wed Jul 9 09:00:00 2008
End TBA
Summary DNS security enhancement (cache poisoning vulnerability)
Services DNS
Areas Australia
Details An AusCERT advisory was released today advising of a DNS
vulnerability which potentially allows forged DNS information to be
injected into the cache of a DNS resolver.
This vulnerability has not yet been reported to be an issue in
practice, but the release of information about it requires
appropriate security action is now taken, to avoid the potential for
it to become a problem in the future.
This issue has potential impact across the entire DNS system
worldwide - it is not specific to Internode or to Australia.
Accordingly, it does require mitigation by Internode (and all other
ISPs) to protect against the potential of future problems.
Internode takes note of, and responds appropriately, to software
vulnerabilities in Internet infrastructure (such as this one) as and
when they occur.
Internode Engineers are aware of this security alert and are
evaluating the best way to eliminate this vulnerability. Doing this
requires some analysis and care to ensure uninterrupted service is
provided to our customers in the process of addressing the issue.
This advisory will be updated with further information as the work
to do this progresses.
Customers interested in this specific issue may find further
explanation here:
http://www.internetnews.com/security/article.php/3757746/DNS+at+Risk+From+Multivendor+Cache+Poisoning.htm
See also the relevant AusCERT advisory, here:
http://www.auscert.org.au/render.html?it=9546
UPDATE - 14/7 11:30 CST:
The state-based resolvers accessible by 192.231.203.132 have been
upgraded and are no longer vulnerable to this security flaw.
Customers using this IP address as their primary resolver as
recommended by Internode will no longer be vulnerable to the DNS
cache poisoning vulnerability.
Work is in progress to upgrade the remaining name servers.
-- The WA Macintosh User Group Mailing List --
Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
Unsubscribe - <mailto:[EMAIL PROTECTED]>
-- The WA Macintosh User Group Mailing List --
Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
Unsubscribe - <mailto:[EMAIL PROTECTED]>