
SANS ISC: DNS Cache Poisoning Issue Update - Internet Security | DShield SANS ISC InfoSec Forums


DNS Cache Poisoning Issue Update

Ok, we have a confirmed instance where the DNS cache poisoning vulnerability was used to compromise a DNS server belonging to AT&T.  This PCWorld article covers the incident. The original article makes it sound as though the Metasploit site was 'owned' by this incident when really the issue was that the AT&T DNS server was compromised and was providing erroneous IP addresses to incoming queries.  This updated PCWorld article clarifies the first one.

Additional details can be found in this Metasploit blog post.

So we've moved from "the bad guys are out there" past "the invaders are at the gate" and on to "the bad guys are slipping inside". If your organization has not yet patched its DNS servers (see here), please do so now.

We may be raising our InfoSec status to yellow soon to help raise attention to the serious nature of this issue.

 

David Goldsmith

Seems to me that we should keep an eye out for DNS poisoning attacks affecting Antivirus websites for downloads of new pattern updates. Not sure how easy it would be to slip in a pattern file with a virus in it, but seems like it might be a significant attack vector.
Anonymous
It would seem as well that Anti-Virus would not be the only target. LavaSoft's Ad-Aware update site has not been available since July 26.
(Both the app's update URL and their own download.lavasoft.com/public site.)
Anonymous
