DNS Exploit in the Wild

[StarsFan4Life]

What are the new servers?

Would I need to do anything in my D-Link router as well?

Would a DNS flush not work?

 

[effowe]

Originally posted by: StarsFan4Life
What are the new servers?

Would I need to do anything in my D-Link router as well?

Would a DNS flush not work?

You would want to do it at router level so that any PC's connected to that router will all be unaffected. If your DNS servers (from the router's) settings are vulnerable, then your other machines will be affected. If you just change it on your personal PC, it wont affect your PC, but will the others. DNS flush would not work as far as I know.

 

[StarsFan4Life]

Originally posted by: effowe

Originally posted by: StarsFan4Life
What are the new servers?

Would I need to do anything in my D-Link router as well?

Would a DNS flush not work?

You would want to do it at router level so that any PC's connected to that router will all be unaffected. If your DNS servers (from the router's) settings are vulnerable, then your other machines will be affected. If you just change it on your personal PC, it wont affect your PC, but will the others. DNS flush would not work as far as I know.

Ok, so what do I need to change the DNS servers to?

 

[effowe]

Originally posted by: StarsFan4Life
Ok, so what do I need to change the DNS servers to?

208.67.222.222
208.67.220.220

(for the third time in this thread)

 

[StarsFan4Life]

Originally posted by: effowe

Originally posted by: StarsFan4Life
Ok, so what do I need to change the DNS servers to?

208.67.222.222
208.67.220.220

(for the third time in this thread)

Thanks.

Now, in my D-Link Di-524 router, I do not have the option to change the DNS servers. I do have a DHCP release and renew. Is this what I want?

Currently, my dns servers are:

24.93.41.127
24.93.41.128

 

[Runes911]

These are easy to remember:

4.2.2.1
4.2.2.2

I think they are level 3's DNS.

 

[jonks]

Originally posted by: StarsFan4Life
So how big of a deal is this? The "older" guys at work here all are worried that the "internet" is going down soon.

Don't worry. If the Internet goes down, I'm planning on heading out Californeeway. I heard there's some Internet out there. It'll be a long haul. Maybe we can caravan and seek it out together.

 

[JackBurton]

Not good, but I don't use my ISP's DNS servers anyway.

 

[JackBurton]

Originally posted by: Runes911
These are easy to remember:

4.2.2.1
4.2.2.2

I think they are level 3's DNS.

Yep.

 

[effowe]

Originally posted by: StarsFan4Life

Originally posted by: effowe

Originally posted by: StarsFan4Life
Ok, so what do I need to change the DNS servers to?

208.67.222.222
208.67.220.220

(for the third time in this thread)

Thanks.

Now, in my D-Link Di-524 router, I do not have the option to change the DNS servers. I do have a DHCP release and renew. Is this what I want?

Currently, my dns servers are:

24.93.41.127
24.93.41.128

Look under WAN settings, maybe under advanced, there is in option in there. I am looking at page 15 of your routers manual and it says the WAN tab on the left, Home tab on the top you can change them.

 

[Fritzo]

Patched for that a long time ago.

 

[StarsFan4Life]

Originally posted by: effowe

Originally posted by: StarsFan4Life

Originally posted by: effowe

Originally posted by: StarsFan4Life
Ok, so what do I need to change the DNS servers to?

208.67.222.222
208.67.220.220

(for the third time in this thread)

Thanks.

Now, in my D-Link Di-524 router, I do not have the option to change the DNS servers. I do have a DHCP release and renew. Is this what I want?

Currently, my dns servers are:

24.93.41.127
24.93.41.128

Look under WAN settings, maybe under advanced, there is in option in there. I am looking at page 15 of your routers manual and it says the WAN tab on the left, Home tab on the top you can change them.

I changed them to:

208.67.222.222
208.67.220.220

Now when I check doxpara.com I get this.

Your name server, at 208.69.32.12, appears to be safe, but make sure the ports listed below aren't following an obvious pattern.
--------------------------------------------------------------------------------





Am I safe now?

 

[Gooberlx2]

Still vulnerable. I wonder if our IT dept even knows about this.

 

[StarsFan4Life]

Originally posted by: Gooberlx2
Still vulnerable. I wonder if our IT dept even knows about this.

Was this referenced to me?

 

[effowe]

Originally posted by: StarsFan4Life
I changed them to:

208.67.222.222
208.67.220.220

Now when I check doxpara.com I get this.

Your name server, at 208.69.32.12, appears to be safe, but make sure the ports listed below aren't following an obvious pattern.

Am I safe now?

I would say so, at least concerning this particular vulnerability.

 

[StarsFan4Life]

Originally posted by: effowe

Originally posted by: StarsFan4Life
I changed them to:

208.67.222.222
208.67.220.220

Now when I check doxpara.com I get this.

Your name server, at 208.69.32.12, appears to be safe, but make sure the ports listed below aren't following an obvious pattern.

Am I safe now?

I would say so, at least concerning this particular vulnerability.

What do you mean at least?

 

[torpid]

Originally posted by: Joemonkey

Originally posted by: Modelworks
Well it didn't take long for the exploit to start making rounds. This one could be really bad if it isn't patched on servers soon. I just checked my isp servers and they are vulnerable. I won't give out the isp name, its a major one though, with thousands of customers. I emailed them to tip them off, I shouldn't have had to, but hopefully they patch it soon.

Why not just come out and say AT&T?

More info here: http://www.kb.cert.org/vuls/id/800113

Ugh. Just tested my iPhone and it's vulnerable. I don't see any obvious way to alter the DNS settings over Edge.

 

[effowe]

Originally posted by: StarsFan4Life
What do you mean at least?

I mean as far as the DNS vulnerability, you are safe. Your computer could be open to attack from a million other sources, but I have no idea about your network setup or computer habits so I couldn't tell ya.

 

[Uppsala9496]

Vulnerable at work.

I'll have to check this when I get home tonight.

 

[StarsFan4Life]

We tested it here:

Your name server, at 64.129.67.XXX, appears to be safe, but make sure the ports listed below aren't following an obvious pattern

However, this IP is not the DNS server we use. Is this test even legit or correct?

 

[iamwiz82]

Originally posted by: StarsFan4Life
We tested it here:

Your name server, at 64.129.67.XXX, appears to be safe, but make sure the ports listed below aren't following an obvious pattern

However, this IP is not the DNS server we use. Is this test even legit or correct?

It's testing whatever your DNS is set to, not necessarily the ISP.

Also, regarding your port pattern issue, I had to turn on the scambling functionality on my Checkpoint box.

 

[StarsFan4Life]

Originally posted by: iamwiz82

Originally posted by: StarsFan4Life
We tested it here:

Your name server, at 64.129.67.XXX, appears to be safe, but make sure the ports listed below aren't following an obvious pattern

However, this IP is not the DNS server we use. Is this test even legit or correct?

It's testing whatever your DNS is set to, not necessarily the ISP.

Also, regarding your port pattern issue, I had to turn on the scambling functionality on my Checkpoint box.

Well, our DNS is NOT set to the IP above, rather a completely different ip.

 

[Gooberlx2]

Originally posted by: StarsFan4Life

Originally posted by: Gooberlx2
Still vulnerable. I wonder if our IT dept even knows about this.

Was this referenced to me?

No. I was more or less making a commentary about my employer's IT dept.....unless you work for my employer, and now I'm in trouble.

*shifty eyes*

 

[StarsFan4Life]

Originally posted by: Gooberlx2

Originally posted by: StarsFan4Life

Originally posted by: Gooberlx2
Still vulnerable. I wonder if our IT dept even knows about this.

Was this referenced to me?

No. I was more or less making a commentary about my employer's IT dept.

Weird because not but 5 minutes before that I sent an email to my fiances company that IS vulnerable and asked if their IT department even knew about it.

 

[iamwiz82]

Originally posted by: StarsFan4Life

Originally posted by: iamwiz82

Originally posted by: StarsFan4Life
We tested it here:

Your name server, at 64.129.67.XXX, appears to be safe, but make sure the ports listed below aren't following an obvious pattern

However, this IP is not the DNS server we use. Is this test even legit or correct?

It's testing whatever your DNS is set to, not necessarily the ISP.

Also, regarding your port pattern issue, I had to turn on the scambling functionality on my Checkpoint box.

Well, our DNS is NOT set to the IP above, rather a completely different ip.

The IP above is the public IP that is probably NATed on your firewall. The firewall knows your DNS servers' IPs. Your firewall should also be scrambling the NATed ports.