Hi Reg,

For what it's worth, with the OpenDNS servers, I get exactly the same
message (except for the addresses/ports, obviously).

I'm not sure that there is anything else you can do - the article implied
that there were patches that removed the vulnerability and I'm assuming that
the OpenDNS servers were patched and that Internode's now is.

Having said that, I have no real knowledge of the problem/fix except for
what I've already posted!

More knowledgeable persons may care to comment!

Cheers


Neil
-- 
Neil R. Houghton
Albany, Western Australia
Tel: +61 8 9841 6063
Email: [EMAIL PROTECTED]



on 14/7/08 6:36 PM, Reg Whitely at [EMAIL PROTECTED] wrote:

> Thanks for the prompt Neil
> 
> Now I'm told
> 
> Your name server, at 203.16.214.237, appears to be safe, but make sure
> the ports listed below aren't following an obvious pattern.
> Requests seen for 3b512c0a6a70.toorrr.com:
> 203.16.214.237:46676 TXID=32459
> 203.16.214.237:42096 TXID=13262
> 203.16.214.237:4412 TXID=55513
> 203.16.214.237:65231 TXID=9556
> 203.16.214.237:3643 TXID=62963
> 
> What now???
> 
> Reg
> 
> On 14 Jul 2008, at 11:34am, Neil Houghton wrote:
> 
>> Hi Reg,
>> 
>> Well, yes, it makes sense - but have you tried it?
>> 
>> I.e., if you had left your DNS settings as per Internode's recommended:
>> 
>> 192.231.203.132
>> 192.231.203.3
>> 
>> Then your primary resolver is 192.231.203.132 and Internode are saying
>> they have now fixed the state-based resolvers accessible by this address
>> - so if you re-try DNS checker then you should get something like the
>> message:
>> 
>>> Your name server, at xxx.xx.xxx.xxx, appears to be safe.
>> 
>> Whereas before they fixed it you got a message something like:
>> 
>>> Your name server, at xxx.xx.xxx.xxx, appears vulnerable to DNS Cache
>>> Poisoning.
>> 
>> As I mentioned previously, rather than waiting I had already changed to
>> using OpenDNS servers, as Severin suggested, which did fix the problem -
>> I may or may not change back to the Internode DNS servers (I'm in no
>> hurry) so I can't confirm the Internode fix myself.
>> 
>> 
>> Cheers
>> 
>> 
>> Neil
>> -- 
>> Neil R. Houghton
>> Albany, Western Australia
>> Tel: +61 8 9841 6063
>> Email: [EMAIL PROTECTED]
>> 
>> 
>> 
>> 
>> on 14/7/08 10:31 AM, Reg Whitely at [EMAIL PROTECTED] wrote:
>> 
>>> Hi Neil and other WAMUGgers
>>> 
>>> On 10 Jul 2008, at 3:27pm, Neil Houghton wrote:
>>> 
>>>> Following was Internode's reply, they have issued an advisory online.
>>>>
>>>> I'm leaving my DNS servers set as the OpenDNS servers for the moment
>>>> while they sort it.
>>>>> 
>>>>> Hi Neil,
>>>>> 
>>>>> Thank you for your support request with Internode.
>>>>> 
>>>>> Please see our advisory concerning DNS cache poisoning for the
>>>>> current status of this issue.
>>>>> 
>>>>> https://secure.internode.on.net/webtools/advisories/item.html?id=5554
>>>>> 
>>>>> 
>>>>> If you have any further questions regarding this matter, please
>>>>> reply to this email or contact our Helpdesk by phone on 1300 788 233.
>>> 
>>> Here's an update from Internode today. Does it make sense?
>>> 
>>> Reg
>>> 
>>> https://secure.internode.on.net/webtools/advisories/item.html?id=5554
>>> 
>>>  Advisory 5554 - DNS security enhancement (cache poisoning vulnerability)
>>> Severity  Informational
>>> Source  Internode
>>> Start  Wed Jul 9 09:00:00 2008
>>> End  TBA
>>> Summary  DNS security enhancement (cache poisoning vulnerability)
>>> Services  DNS
>>> Areas  Australia
>>> Details  An AusCERT advisory was released today advising of a DNS
>>> vulnerability which potentially allows forged DNS information to be
>>> injected into the cache of a DNS resolver.
>>> 
>>> This vulnerability has not yet been reported to be an issue in
>>> practice, but the release of information about it requires appropriate
>>> security action is now taken, to avoid the potential for it to become
>>> a problem in the future.
>>> 
>>> This issue has potential impact across the entire DNS system worldwide
>>> - it is not specific to Internode or to Australia. Accordingly, it
>>> does require mitigation by Internode (and all other ISPs) to protect
>>> against the potential of future problems.
>>> 
>>> Internode takes note of, and responds appropriately, to software
>>> vulnerabilities in Internet infrastructure (such as this one) as and
>>> when they occur.
>>> 
>>> Internode Engineers are aware of this security alert and are
>>> evaluating the best way to eliminate this vulnerability. Doing this
>>> requires some analysis and care to ensure uninterrupted service is
>>> provided to our customers in the process of addressing the issue.
>>> 
>>> This advisory will be updated with further information as the work to
>>> do this progresses.
>>> 
>>> Customers interested in this specific issue may find further
>>> explanation here:
>>> 
>>> 
>>> http://www.internetnews.com/security/article.php/3757746/DNS+at+Risk+From+Multivendor+Cache+Poisoning.htm
>>> 
>>> See also the relevant AusCERT advisory, here:
>>> 
>>>  http://www.auscert.org.au/render.html?it=9546
>>> 
>>> UPDATE - 14/7 11:30 CST:
>>> 
>>> The state-based resolvers accessible by 192.231.203.132 have been
>>> upgraded and are no longer vulnerable to this security flaw. Customers
>>> using this IP address as their primary resolver as recommended by
>>> Internode will no longer be vulnerable to the DNS cache poisoning
>>> vulnerability.
>>> 
>>> Work is in progress to upgrade the remaining name servers.
>>> 
>>> -- The WA Macintosh User Group Mailing List --
>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
>>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
>>> Unsubscribe - <mailto:[EMAIL PROTECTED]>
>> 
> 



-- The WA Macintosh User Group Mailing List --
Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
Unsubscribe - <mailto:[EMAIL PROTECTED]>
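
Added example, not part of the original thread and not the DNS checker's own logic: the checker output quoted above asks the reader to make sure the ports "aren't following an obvious pattern", and this Python sketch parses lines in that format and flags fixed, constant-step or narrow-range source ports and TXIDs. The function names, the `min_spread` threshold and the `CONSTRUCTED_WEAK` sample are assumptions made for illustration.

```python
import re
from statistics import pstdev

# Request lines exactly as quoted in Reg's message above.
SAMPLE = """\
203.16.214.237:46676 TXID=32459
203.16.214.237:42096 TXID=13262
203.16.214.237:4412 TXID=55513
203.16.214.237:65231 TXID=9556
203.16.214.237:3643 TXID=62963
"""

# Constructed sample (not from the thread): source ports stepping by one.
CONSTRUCTED_WEAK = """\
192.0.2.53:32768 TXID=1201
192.0.2.53:32769 TXID=40133
192.0.2.53:32770 TXID=8
192.0.2.53:32771 TXID=27650
192.0.2.53:32772 TXID=51999
"""

LINE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})")


def parse_requests(text):
    """Return (ip, source_port, txid) tuples from checker output."""
    return [(ip, int(port), int(txid)) for ip, port, txid in LINE.findall(text)]


def obvious_pattern(values, min_spread=1024):
    """Label an obvious pattern in a list of 16-bit values, or return None.

    Heuristic only (assumed threshold): None means nothing obvious was
    found in this small sample, not that the values are proven random.
    """
    if len(values) < 3:
        return "too few samples"
    if len(set(values)) == 1:
        return "fixed"
    steps = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    if len(steps) == 1:
        return "constant step"
    if max(values) - min(values) < min_spread:
        return "narrow range"
    return None


def review(text):
    """Summarise port and TXID behaviour for one block of checker output."""
    reqs = parse_requests(text)
    ports = [port for _, port, _ in reqs]
    txids = [txid for _, _, txid in reqs]
    return {
        "ports": obvious_pattern(ports),
        "txids": obvious_pattern(txids),
        "port_stdev": round(pstdev(ports)) if len(ports) > 1 else 0,
    }
```

Calling `review(SAMPLE)` on the output Reg posted finds no obvious pattern in either column, while the constructed sample is flagged for constant-step ports even though its TXIDs vary.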