DNS Cache Poisoning

Mar 19, 2008

What tools do you use to check for DNS Cache Poisoning? Is there any way it can be prevented and is the problem very prevalent?

A Few Words About DNS Cache Poisoning

Nov 26, 2007

What is your opinion on the subject?

How could it be done?

Are Patched Domain Name Server (DNS) Behind N.A.T. Still Vulnerable To DNS Cache Poisoning?

Aug 7, 2008

Upon reading http://www.theregister.co.uk/2008/08...sky_black_hat/ it appears those who use network address translation may be vulnerable to DNS cache poisoning even after patching their DNS servers.

"another 15 per cent are still vulnerable to some extent because they use network address translation gear that prevents the patch from working."

Thoughts?

DNS Poisoning - Is Your Bind Up To Date

Jul 9, 2008

Vendors form alliance to fix DNS poisoning flaw

An alliance of software makers and network-hardware vendors announced on Tuesday that they had banded together to fix a fundamental flaw in the design of the internet's address system.

The vulnerability in the domain name system (DNS) - the distributed database that matches a host and domain name with the numerical address of a computer server - could give an attacker the ability to replace the addresses of popular websites with that of a malicious server, said Dan Kaminsky, director of penetration testing for security firm IOActive. Kaminsky found the flaw when he was doing non-security research on the domain name system (DNS) more than six months ago.

"It is a fundamental issue affecting the design," Kaminsky said. "Because the system is behaving exactly like it is supposed to behave, the same bug will show up in vendor after vendor after vendor. This one bug affected not just Microsoft ... not just Cisco, but everyone."

On Tuesday, a number of software and network-hardware vendors released patches for their products. On its regularly scheduled patch day, Microsoft released updates for Windows 2000, Windows XP and Windows Server 2003 to mitigate the issue, which the company ranked an important vulnerability, its second highest grade of severity. Internet Software Consortium, the group responsible for the development of the popular Berkeley Internet Name Domain (BIND) server, also released a patch, confirming that its software contained the vulnerability. Both Cisco and Juniper also acknowledged flawed systems.

Vendors have also provided the fix to certain large clients. Yahoo will be upgrading its name servers from BIND 8 to the latest version of BIND 9, the Internet Software Consortium stated during the conference call. Internet service provider Comcast has already patched its servers for the issue, according to internet infrastructure firm Nominum. Finally, the Computer Emergency Response Team (CERT) Coordination Center has contacted some other nation's response groups to inform them of the problem.

For the most part, however, internet service providers and companies each received the fix on Tuesday, said Sandy Wilbourn, vice president of engineering at Nominum. The goal: To have every major service provider and company apply their software patches in 30 days.

For that reason, don't expect immediate action, Wilbourn said.

"For key customers on our network, we have made a special effort to get them an early release to help solve this problem, and a number of them have finished deployment," he said. "But the nature of this patch is that we wanted to get the vendor side covered and then have deployment over the next 30 days. Anyone that is not patched by today or tomorrow is not doing anything wrong."

The domain-name system (DNS) has been a popular way to attack the internet in the past - it's an ill-kept secret that the DNS system is insecure. The way that many software applications, such as browsers, handle DNS requests has opened up users to attack. Microsoft has fixed a few vulnerabilities in the way Windows handles domain names - issues that could have led to easier eavesdropping or simpler phishing attacks.

More here: [url]

Dedicated Server And ARP Poisoning

Nov 4, 2007

I recently had a problem with a hacked dedicated server which was attacked by ARP Poisoning and a Remote Desktop man-in-the-middle attack from another dedicated server on the same subnet. Maybe unreasonably I expected controls in place to prevent this, better detection and better handling of this problem, lack of which have left me uneasy about the hosting.

I know using Remote Desktop with a cert would prevent the server being compromised, but my concern would then be HTTP traffic being hijacked and malware insertion, redirection to non HTTPS login pages, redirects to anywhere, etc. If ARP Poisoning occurs then even if my server is fully secure all the web addresses pointing to my server's IP are basically compromised by HTTP traffic redirection.

Before this happened I had assumed (bad idea) that there would be some kind of mac level assigning of IP addresses.

What level of protection from this type of problem should I expect from the Dedicated Server supplier on their network? Problem started after I rebooted our server, IP was grabbed and the network adaptor was disabled due to IP conflict, so machine did not respond to pings. I raised a ticket and was told:

"when your server came up it couldn't use its assigned IP address as for some unknown reason another device on the network is using its IP, we're tracking down the device and we'll have your server operational in few minutes."

They re-enabled the network adaptor presumably without fully checking the situation. I assumed the situation was either an innocent misconfiguration or that the issue had been fully investigated and dealt with, I reconnected via remote desktop and a few minutes later the server was compromised (wiped event logs, Cain and Abel installed etc).

Our machine was wiped, reinstalled and no further problem arose, but they initially seemed to deny that the two issues were related, suggesting it would have been hacked externally via IIS vulnerabilities. Then 18 days later(!) they released a message advising all users with machines on the subnet that they had shut down a malicious machine (not ours) on the subnet and to change passwords, run malware scans etc! Whether this was the same original machine or another server compromised I don't know. However our server was running with Cain and Abel and a whole lot more for quite a while as I checked it before it was taken offline for reinstallation.

Is this a common occurrence? Do most dedicated hosting providers have proper measures to prevent this or are there any measures I can take to prevent this happening again?

Apache :: Use Disk To Enhance For Page Cache And Database Cache For Disk

Apr 24, 2013

I use apache with CentOS VPS hosting for my blog. I only host one blog in this VPS account. I have 1.5GB RAM and I have 7,500 page preview per day. My page loading time is 2-3 seconds (according to the pingdom tool).

I want to know what is the best performance (faster web page loading) W3 Total cache option for VPS hosting blog. Currently I use Disk to enhance for page cache and database cache for disk.

DNS Spoofing/poisoning Attack Defense

Nov 8, 2007

I'm concerned about dns spoofing

As explained here:
w w w. securesphere(dot)net/download/papers/dnsspoof.htm
I note the recommendations:

- To limit the cache and check that it's not keeping additional records.
- Not to make security systems to use/rely on DNS.
- Use cryptography like SSL, even if the problem remains the same, it increases the difficulty level for the attacker (See article on Man in the Middle)

I did note on another site that the latest version of BIND for DNS should be installed.
I'm quite sure I'm being attacked in this way by a guy on the same network as my numerous commercial websites.
I'm setting a new server. I'm getting my own name server.

What steps should I take to best protect myself and my business against these attacks please?

(firewall? tips etc beside the above?) Please let me know as I want to set up and have a better than even bet I have shaken the guy.

DNS Cache

Apr 17, 2009

I have moved my domain out of hostgator like a month ago..

[url]

The whois shows my new nameservers and IP

Why is my page being redirected to hostgator suspended page.

My domain is not even registered with them

the domain is nuzil.com

any reviews about that.

Cpu Cache?

Apr 28, 2008

the NOCONA and IRWINDALE are old cpu,

I find the main difference between them is L2 cache (1M vs 2M),

I want to ask what service needs more L2 cache?

for example: a lot of db usage? or httpd? or?

Dst Cache Overflow

May 17, 2009

I guess I have finally seen the adverse effects of raising the conntrack table max too high.

May 15 09:13:52 cp4 kernel: [6430723.486626] dst cache overflow
May 15 09:13:52 cp4 kernel: [6430723.622616] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430727.562862] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430727.698868] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430727.844221] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430727.991276] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430728.131962] dst cache overflow

I got tons of these during an attack today. I have googled around for a lil while and have not been able to find any useful info on raising this cache level up. Would anyone here know how to do this?

I see no sysctl settings or anything of that nature for it.

Page Cache

Jul 25, 2009

I'm running shared hosting and would like to keep the amount kept in cache down so that there is always more memory free... how would I go about doing that?

are these values good?

echo 20 > /proc/sys/vm/dirty_background_ratio

echo 60 > /proc/sys/vm/dirty_ratio

Server Cache

Oct 1, 2009

I have reseller account from small web service company.

they are great and better than the famous company.

but I have one problem. I have personal blog, some time I don't see the new comment, also my visitor see the comment before 4 days ago only.

and there is vb forum, some times new member can't login and only you see the old topic, and some times you see everything ok and up to date.

me and all my visitor have the same problem and that can't be from internet service provider because they are from several country.

I had such problem before 4 years and it was because server Cache.

I didn't name the company because they are great and I don't want to blame them before I know certainly what cause the problem.

PHP And Cache-Control

Jan 27, 2008

I seem to have the opposite problem of what most people complain about... I'm using some custom-built PHP scripts, the output of which is not getting cached. I want the output cached, because it doesn't change often.

If it's relevant, I'm using ob_start() to serve up a GZIP-compressed page.

I start off with a header("Cache-Control: maxage=3600, must-revalidate"). Yes, it's first, and yes, it's showing up properly in the browser.

However, requesting the page again returns an HTTP 200, not the 304 I'm expecting. It's pulling down the whole page again. It's not changing in between requests, and I'm simply visiting the URL again, not hitting Refresh. (Although it really shouldn't matter.)

Mysql Cache On A Vps

Apr 22, 2007

[url]

has an article on mysql query cache.
It notes that in the mysql config file, having

query-cache-type = 1

sets the mysql query cache.

In mysql I note that

SHOW VARIABLES LIKE '%query_cache%';

outputs

+-------------------+---------+
| Variable_name     | Value   |
+-------------------+---------+
| have_query_cache  | YES     |

which indicates that cache is set, but...

find . -name "my.cnf"

./usr/local/cpanel/whostmgr/my.cnf
./etc/my.cnf

shows only these

set-variable = max_connections=500
safe-show-database

So where has query cache been set?

At the server level?

If so, am I able to set the query_cache_size and if so, which path?

Anyone have any comments on their mysql optimization on a VPS?

DNS/Proxy Cache

Jul 15, 2007

I made changes in httpd.conf to redirect website to another website; after 15min I removed redirect but until now when client request website they are redirecting.
I'm sure I remove redirect.

We are located in UAE, UAE has transparent proxy for all Internet connections so I think the problem is in proxy cache. How can I confirm it? Then can I avoid it?

also when I put dot "." at the end of link site working without redirect otherwise it's not working.

Query Cache Denied

Jun 29, 2009

What does this mean? It's been flooding /var/log/messages

Jun 28 08:12:50 host named[7649]: client 209.86.63.238#9427: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 209.86.63.230#42462: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 200.23.242.203#37863: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 212.93.151.237#8080: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 212.202.215.18#35119: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 212.93.151.237#40106: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 209.86.63.231#51272: query (cache) 'root.domain.tld/A/IN' denied

Getting Around A Corporate Proxy Cache

Oct 7, 2009

I'm assuming a corporate proxy cache is what they have set up. I have a client and every time I send them changes to a temporary page I'm hosting for review they can't see it.

They can hit refresh over and over but never see the new updates unless I change the name of the folder it's in.

This is very annoying and it only happens with them and one other corporate client I have. They check on multiple computers and it will never refresh and load the new changes. I think this is their network cache that their IT dept. set up.

How can I get around this? I tried an htaccess trick I looked up for expiring files but it didn't work.

These files are on a shared hosting of mine on an Apache server.

Edit Linux Cache

Jul 5, 2009

root@host# free
             total       used       free     shared    buffers     cached
Mem:       4016936    2598976    1417960          0     138424    1558652
-/+ buffers/cache:     901900    3115036
Swap:      5275640          0    5275640

Eventually, the cache reaches 2600000 and I would like to keep the cache smaller so that the free RAM is always steady around 500k for when a lot of traffic comes through.

is there a way to clear the old cache out faster?

EAccelerator And Cache Dir/RamDisk

Jul 9, 2009

How do I setup a RamDisk or a tmpfs mount? I want to setup cache_dir in memory.

My current settings:

extension="eaccelerator.so"
eaccelerator.shm_size="128"
eaccelerator.cache_dir="/tmp/eac"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="7200"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="1"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.keys="shm_only"
eaccelerator.sessions="shm_only"
eaccelerator.content="shm_only"

Core2Duo E2180 Vs P4 3.0GHz, 2MB Cache

Apr 20, 2008

Which would you choose:

Core2Duo E2180, 1MB Cache
P4 3.0Ghz, 2MB Cache

Sda: For Cache Data Failed

Aug 11, 2007

We just upgraded our server with 8 brand new seagate cheetah 15k.5's, a battery backup unit, and a 256mb dimm for the raid controller. In the boot process, I noticed an error about caching or something.

After analyzing the dmesg log, I found the error:
sda: asking for cache data failed
sda: assuming drive cache: write through

It seems like the kernel can't get to the RAID controller's cache, so it switches to the write through setting.

I've benchmarked the harddisks with the write through, and write back setting. The odd thing is that both settings deliver the same performance.

Normally, write back increases the performance with like 100%... That's why we bought the battery backup unit.

So something is going wrong, but where lies the problem?

Server:

Quote:

8 X seagate cheetah 15k.5, U320, 16mb cache, SCA, 73GB
1 X chenbro backplane, U320, SCA, 2 channels, 8 ports
1 X LSI megaraid 320-2x raid controller, U320, 2 channels, battery pack and 256 upgraded dimm
6 GB DDR PC3200, ECC, CL3
2 X AMD opteron dual cores (4 X 2.0 ghz)

Dispatch.fcgi Kept In Cache

May 21, 2007

I have Django (python framework) on a server, and I have a little problem. The application is kept in cache by FastCGI

When you make changes to your application you have to restart it. Touching the file doesn't solve my problem. The only solution I have is always renaming the .fcgi file, and if you use an original file name, it actually works like before, proving it's kept in cache.

What would you do? A cron job to remove these files maybe?

Flush Cache On CentOS

Jun 15, 2007

How do I flush the cache on CentOS, cache and buffer or either one?

In the top command I see a lot of RAM in cache and I want to flush the cache.

How do I do that? Any commands?

EAccelerator Cache Size

Feb 1, 2007

How big should I set the cache size for eaccelerator?

Here's the information from the control.php

Caching enabled yes
Optimizer enabled yes
Memory usage 100.00% (16.00MB/ 16.00MB)
Free memory 0.00MB
Cached scripts 148
Removed scripts 0
Cached keys 0

Cache The Dynamic Url (images)

Oct 3, 2007

I've got an application (Java web) that dynamically creates images (with dynamic URL - ...tab&vi=nia&h=24&ds=bottom&fn...) - like thumbnails, icons etc.

The thing I'm trying to deal with is to force caching of these images by a browser.

When the application starts the server gets images and shows code 200 (and these images appear in the web browser cache), but after reloading or simply viewing the images from the cache URL the server shows code 200 again. I'd like to have code 304 - not modified - like when the browser gets an image from cache.

The dynamic URL for an image is created only once - when the application starts, and after that it stays unchanged, but I still can't force use of the cached images - like when it is a static URL - .../image.jpg.

Mysql And Query Cache

Jan 4, 2007

What is the good value to set query_cache_size. I have set it to 60 M and here
is the status. Is it good? I am not sure how to check this? Can anyone explain?

query_cache_size=60M

mysql> SHOW STATUS LIKE 'Qcache%';
+-------------------------+----------+
| Variable_name           | Value    |
+-------------------------+----------+
| Qcache_free_blocks      | 5        |
| Qcache_free_memory      | 62666440 |
| Qcache_hits             | 922      |
| Qcache_inserts          | 381      |
| Qcache_lowmem_prunes    | 0        |
| Qcache_not_cached       | 565      |
| Qcache_queries_in_cache | 182      |
| Qcache_total_blocks     | 400      |
+-------------------------+----------+
8 rows in set (0.00 sec)

PHP Accelerators (cache) CONS

May 2, 2007

I am currently wanting to add a cache engine that eases the apache server for my php scripts. I just wanted to make sure there weren't cons; bugs with certain pages that need to be reloaded very quickly? Has any of you already experienced such bugs with these progs? Which cache-accelerator would you suggest for php-mysql apache?

When To Add More Ram. Swap/Cache/Buffer

May 23, 2007

When is a good time to add more ram?

Since I got my server its ran with 1gb ram and has kept a free of at least 400mb since that time.

Now within a few hours all of it is being kept in buffer/cache as the past week and showing about 15mb free (not counting buffer/cache) and has started in on the disk swap of about 400Kb.

So should I upgrade to 2gb now or wait till it goes deeper into the swap, and if so how far into the swap before you'd upgrade?

How To Troubleshoot Mmap Cache Problems

Jun 24, 2008

Could someone please help me with some information on how I can troubleshoot this issue?

[warn-phpd] mmap cache can't open /home/sitedir/)

It's happening on all the directories ie: sites on the server. Switching from phpsuexec back to running php dso fixes the issue, but how can I run phpsuexec and fix this problem? Any tips would be very much appreciated.

Eaccelerator Cache Emptying Cron

Apr 9, 2009

I'm sure all of you who use eaccelerator know how big the cache can get and that it needs emptied manually. Well at least to my knowledge it does, the only thing I have seen that you can configure is the shm pruning. If anyone does know such a feature with eaccelerator please share. But I also notice a performance decrease and a few php errors mostly related to memory allocations here and there.

Anyway I was piddling around and came up with a command to disable eaccelerator from php.ini, delete the cache folder and then enable it back. I figured this would be good as a daily cron. I would like some input if anyone knows any better ways.

So I wanted to share this in case someone else here has the same problems with eaccelerator cache folder getting huge. If anyone knows a way to make this better or shorter please reply with solution.

Of course this will vary depending on where your php.ini is and where your eaccelerator cache is. Just replace those values with yours. I'm sure there is also a way to use similar commands to find and input these values, again if anyone knows please share.

Code:
find /usr/local/lib -name 'php.ini' | xargs perl -pi -e 's/extension="eaccelerator.so"/;extension="eaccelerator.so"/g' ; rm -rf /usr/lib/php/eacc ; mkdir /usr/lib/php/eacc ; chmod 4777 /usr/lib/php/eacc ; find /usr/local/lib -name 'php.ini' | xargs perl -pi -e 's/;extension="eaccelerator.so"/extension="eaccelerator.so"/g'

Virtuozzo Centos 64-bit Vps Not Using Any Ram For Buffers Or Cache

Apr 25, 2009

I have a virtuozzo vps account 64-bit centos running whm/cpanel.

I've been having an issue with high load average at times while very little cpu is being used and there is plenty of ram free, and in looking into this, I've run into another thing that seems very odd to me:

free
             total       used       free     shared    buffers     cached
Mem:        786432     179944     606488          0          0          0
-/+ buffers/cache:     179944     606488

top - 22:29:52 up 15:30, 1 user, load average: 1.23, 1.55, 1.12
Tasks: 74 total, 1 running, 72 sleeping, 0 stopped, 1 zombie
Cpu(s): 0.0%us, 0.1%sy, 0.0%ni, 88.8%id, 11.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 786432k total, 174784k used, 611648k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached

uname -r
2.6.18-028stab060.8

No memory being used for buffers or cache.

Why is no RAM being used to buffer/cache slower disk IO?

Copyrights 2005-15 www.BigResource.com, All rights reserved