DNS Cache Poisoning
Mar 19, 2008What tools do you use to check for DNS Cache Poisoning ? Is there any way it can be prevented and is the problem very prevalent?
View 1 Replies
ADVERTISEMENT
A Few Words About DNS Cache Poisoning
Nov 26, 2007What is your opinioun on the subject?
How could it be done?
Are Patched Domain Name Server (DNS) Behind N.A.T. Still Vunlerable To DNS Cache Poisoning?
Aug 7, 2008Upon reading http://www.theregister.co.uk/2008/08...sky_black_hat/ it appears those who use network address translation may be vulnerable to DNS cache poisoning even after patching their DNS servers.
"another 15 per cent are still vulnerable to some extent because they use network address translation gear that prevents the patch from working."
Thoughts?
DNS Poisoning - Is Your Bind Up To Date
Jul 9, 2008Vendors form alliance to fix DNS poisoning flaw
An alliance of software makers and network-hardware vendors announced on Tuesday that they had banded together to fix a fundamental flaw in the design of the internet's address system.
The vulnerability in the domain name system (DNS) - the distributed database that matches a host and domain name with the numerical address of a computer server - could give an attacker the ability to replace the addresses of popular websites with that of a malicious server, said Dan Kaminsky, director of penetration testing for security firm IOActive. Kaminsky found the flaw when he was doing non-security research on the domain name system (DNS) more than six months ago.
"It is a fundamental issue affecting the design," Kaminsky said. "Because the system is behaving exactly like it is supposed to behave, the same bug will show up in vendor after vendor after vendor. This one bug affected not just Microsoft ... not just Cisco, but everyone."
On Tuesday, a number of software and network-hardware vendors released patches for their products. On its regularly scheduled patch day, Microsoft released updates for Windows 2000, Windows XP and Windows Server 2003 to mitigate the issue, which the company ranked an important vulnerability, its second highest grade of severity. Internet Software Consortium, the group responsible for the development of the popular Berkeley Internet Name Domain (BIND) server, also released a patch, confirming that its software contained the vulnerability. Both Cisco and Juniper also acknowledged flawed systems.
Vendors have also provided the fix to certain large clients. Yahoo will be upgrading its name servers from BIND 8 to the latest version of BIND 9, the Internet Software Consortium stated during the conference call. Internet service provider Comcast has already patched its servers for the issue, according to internet infrastructure firm Nominum. Finally, the Computer Emergency Response Team (CERT) Coordination Center has contacted some other nation's response groups to inform them of the problem.
For the most part, however, internet service providers and companies each received the fix on Tuesday, said Sandy Wilbourn, vice president of engineering at Nominum. The goal: To have every major service provider and company apply their software patches in 30 days.
For that reason, don't expect immediate action, Wilbourn said.
"For key customers on our network, we have made a special effort to get them an early release to help solve this problem, and a number of them have finished deployment," he said. "But the nature of this patch is that we wanted to get the vendor side covered and then have deployment over the next 30 days. Anyone that is not patched by today or tomorrow is not doing anything wrong."
The domain-name system (DNS) has been a popular way to attack the internet in the past - it's an ill-kept secret that the DNS system is insecure. The way that many software applications, such as browsers, handle DNS requests has opened up users to attack. Microsoft has fixed a few vulnerabilities in the way Windows handles domain names - issues that could have lead to easier eavesdropping or simpler phishing attacks.
More here:[url]
Dedicated Server And ARP Poisoning
Nov 4, 2007I recently had a problem with a hacked dedicated server which was attacked by ARP Poisoning and a Remote Desktop man-in-the-middle attack from another dedicated server on the same subnet. Maybe unreasonably I expected controls in place to prevent this, better detection and better handling of this problem, lack of which have left me uneasy about the hosting.
I know using Remote Desktop with a cert would prevent the server being compromised, but my concern would then be HTTP traffic being hijacked and malware insertion, redirection to non HTTPS login pages, redirects to anywhere, etc. If ARP Poisoning occurs then even if my server is fully secure all the web addresses pointing to my server's IP are basically compromised by HTTP traffic redirection.
Before this happened I had assumed (bad idea) that there would be some kind of mac level assigning of IP addresses.
What level of protection from this type of problem should I expect from the Dedicated Server supplier on their network? Problem started after I rebooted our server, IP was grabbed and the network adaptor was disabled due to IP conflict, so machine didn't not respond to pings. I raised a ticket and was told
"when your server came up it couldn't use it's assigned IP address as for some unknown reason another device on the network is using it's IP, we're tracking down the device and we'll have your server operational in few minutes."
They re-enabled the network adaptor presumably without fully checking the situation. I assumed the situation was either an innocent misconfiguration or that the issue had been fully investigated and dealt with, I reconnected via remote desktop and a few minutes later the server was compromised (wiped event logs, Cain and Abel installed etc).
Our machine was wiped, reinstalled and no further problem arose, but they initially seemed to deny that the two issues were related. Suggesting it would have been hacked externally via IIS vulnerabilities. Then 18 days later(!) they released a message advising all users with machines on the subnet that they had shutdown a malicious machine (not ours) on the subnet and to change passwords, run malware scans etc! Whether this was the same original machine or another server compromised I don't know. However our server was running with Cain and Abel and a whole lot more for quite a while as I checked it before it was taken off line for reinstallation.
Is this a common occurrence? Do most dedicated hosting providers have proper measures to prevent this or are there any measures I can take to prevent this happening again?
Apache :: Use Disk To Enhance For Page Cache And Database Cache For Disk
Apr 24, 2013I use apache with CentOS VPS hosting for my blog. I only host one blog in this VPS account. I have 1.5GB RAM and I have 7, 500 page preview per day. My page loading time is 2-3 seconds (according to the pingdom tool).
I want to know what is the best performance (faster web page loading) W3 Total cache option for VPS hosting blog. Currently I use Disk to enhance for page cache and database cache for disk.
DNS Spoofing/poisoning Attack Defense
Nov 8, 2007I'm concerned about dns spoofing
As explained here:
w w w. securesphere(dot)net/download/papers/dnsspoof.htm
I note the recommendations:
- To limit the cache and check that it's not keeping additional records.
- Not to make security systems to use/rely on DNS.
- Use cryptography like SSL, even if the problem remains the same, it increase difficulty level for the attacker (See article on Man in the Middle)
I did not on another site that the latest version of BIND for DNS should be installed.
I'm quite sure I'm being attacked in this way by a guy on the same network as my numerous commercial websites.
I'm setting a new server. I'm getting my own name server.
What steps should I take to best protect my self and my business against these attacks please?
(firewall? tips etc beside the above?) Please let me know as I want to set up and have a better than even bet I have shaken the guy.
DNS Cache
Apr 17, 2009I have moved my domain out of hostgator like a month ago..
[url]
The whois shows my new nameservers and IP
Why is my page being redirected to hostgator suspended page.
My domain is not even registered with them
the domain is nuzil.com
any reviews about that.
Cpu Cache?
Apr 28, 2008the NOCONA and IRWINDALE are old cpu,
i find the main difference of them is L2 cache (1MA2M),
i want to ask what service need more L2 cache?
for example:a lot of db usage? or httpd? or?
Dst Cache Overflow
May 17, 2009I guess I have finally seen the adverse effects of raising the conntrack table max too high.
May 15 09:13:52 cp4 kernel: [6430723.486626] dst cache overflow
May 15 09:13:52 cp4 kernel: [6430723.622616] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430727.562862] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430727.698868] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430727.844221] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430727.991276] dst cache overflow
May 15 09:13:56 cp4 kernel: [6430728.131962] dst cache overflow
I got tons of these during an attack today. I have googled around for a lil while and not have been able to find any useful info on raising this cache level up. Would anyone here know how to do this?
I see no sysctl settings or anything of that nature for it.
Page Cache
Jul 25, 2009I'm running shared hosting and would like to keep the amount kept in cache down so that there is always more memory free... how would i go about doing that?
are these values good?
echo 20 > /proc/sys/vm/dirty_background_ratio
echo 60 > /proc/sys/vm/dirty_ratio
Server Cache
Oct 1, 2009I have reseller account from small web service company.
they are great and better than the famous company.
but I have one problem. I have personal blog, some time I don't see the new comment, also my visitor see the comment before 4 days ago only.
and there is vb forum, some times new member can't login and only you see the old topic, and some times you see everything ok and up to date.
me and all my visitor have the same problem and that can't be from internet service provider because they are from several country.
I had such problem before 4 years and it was because server Cache.
I didn't name the company because they are great and I don't want to blame them before I know certainly what cause the problem.
PHP And Cache-Control
Jan 27, 2008I seem to have the opposite problem of what most people complain about... I'm using some custom-built PHP scripts, the output of which is not getting cached. I want the output cached, because it doesn't change often.
If it's relevant, I'm using ob_start() to serve up a GZIP-compressed page.
I start off with a header("Cache-Control: maxage=3600, must-revalidate"). Yes, it's first, and yes, it's showing up properly in the browser.
However, requesting the page again returns an HTTP 200, not the 304 I'm expecting. It's pulling down the whole page again. It's not changing in between requests, and I'm simply visiting the URL again, not hitting Refresh. (Although it really shouldn't matter.)
Mysql Cache On A Vps
Apr 22, 2007[url]
has an article on mysql query cache.
It notes that in the mysql config file, having
query-cache-type = 1
sets the mysql query cache.
In mysql I note that
SHOW VARIABLES LIKE '%query_cache%';
outputs
+-------------------+---------+
| Variable_name | Value |
+-------------------+---------+
| have_query_cache | YES |
which indicates that cache is set, but...
find . -name "my.cnf"
./usr/local/cpanel/whostmgr/my.cnf
./etc/my.cnf
shows only these
set-variable = max_connections=500
safe-show-database
So where has query cache been set?
At the server level?
If so, am I able to set the query_cache_size and if so, which path?
Anyone have any comments on their mysql optimization on a VPS?
DNS/Proxy Cache
Jul 15, 2007I made changes in httpd.conf to redirect website to another website; after 15min I removed redirect but until now when client request website they are redirecting.
I'm sure I remove redirect.
we are locating in UAE, UAE has transparent proxy for all Internet connections so I think the problem in proxy cache, How i can confirm it? then can I avoid it ?
also when I put dot "." at the end of link site working without redirect otherwise it's not working.
Query Cache Denied
Jun 29, 2009what does this mean? its been flooding /var/log/messages
Jun 28 08:12:50 host named[7649]: client 209.86.63.238#9427: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 209.86.63.230#42462: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 200.23.242.203#37863: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 212.93.151.237#8080: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 212.202.215.18#35119: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 212.93.151.237#40106: query (cache) 'root.domain.tld/A/IN' denied
Jun 28 08:12:50 host named[7649]: client 209.86.63.231#51272: query (cache) 'root.domain.tld/A/IN' denied
Getting Around A Corporate Proxy Cache
Oct 7, 2009I'm assuming a corporate proxy cache is what they have set up. I have a client and every time I send them changes to a temporary page I'm hosting for review they can't see it.
They can hit refresh over and over but never see the new updates unless I change the name of the folder its in.
This is very annoying and it only happens with them and one other corporate client i have. They check on multiple computers and it will never refresh and load the new changes. I think this is their network cache that their IT dept. set up.
How can I get around this? I tried an htaccess trick I looked up for expiring files but it didnt work.
These files are on a shared hosting of mine on an Apache server.
Edit Linux Cache
Jul 5, 2009root@host# free
total used free shared buffers cached
Mem: 4016936 2598976 1417960 0 138424 1558652
-/+ buffers/cache: 901900 3115036
Swap: 5275640 0 5275640
Eventually, the cache reaches 2600000 and i would like to keep the cache smaller so that the free RAM is always steady around 500k for when a lot of traffic comes through.
is there a way to clear the old cache out faster?
EAccerlator And Cache Dir/RamDisk
Jul 9, 2009How do I setup a RamDisk or a tmpfs mount? I want to setup cache_dir in memory.
My current settings:
extension="eaccelerator.so"
eaccelerator.shm_size="128"
eaccelerator.cache_dir="/tmp/eac"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="7200"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="1"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.keys="shm_only"
eaccelerator.sessions="shm_only"
eaccelerator.content="shm_only"
Core2Duo E2180 Vs P4 3.0Gz, 2MB Cache
Apr 20, 2008Which would you choose:
Core2Duo E2180, 1MB Cache
P4 3.0Ghz, 2MB Cache
Sda: For Cache Data Failed
Aug 11, 2007We just upgraded our server with 8 brand new seagate cheetah 15k.5's, a battery backup unit, and a 256mb dimm for the raid controller. In the boot process, i noticed an error about caching or something.
After analyzing the dmesg log, i found the error:
sda: asking for cache data failed
sda: assuming drive cache: write through
It seems like the kernel can't get to the raid controllers cache, so it switches to the write through setting.
I've benchmarked the harddisks with the write through, and write back setting. The odd thing is that both settings deliver the same performance.
Normally, write back increases the performance with like 100%... That's why we bought the battery backup unit.
So something is going wrong, but where lays the problem?
Server:
Quote:
8 X seagate cheetah 15k.5, U320, 16mb cache, SCA, 73GB
1 X chenbro backplane, U320, SCA, 2 channels, 8 ports
1 X LSI megaraid 320-2x raid controller, U320, 2 channels, battery pack and 256 upgraded dimm
6 GB DDR PC3200, ECC, CL3
2 X AMD opteron dual cores (4 X 2.0 ghz)
Dispatch.fcgi Kept In Cache
May 21, 2007I have Django (python framework) on a server, and I have a little problem. The application is kept in cache by FastCGI
When you make changes to your application you have to restart it. Touching the file doesn't solve my problem. The only solution I have is renaming the .fcgi file always, and if you use an orifinal file name, it actually works like before, prooving it's kept in cache.
What would you do? A cron job to remove these files maybe?
Flush Cache On CentOS
Jun 15, 2007How do I flush the cache on CentOS cache and Buffer or either one.
on top command I see a lot of ram in cache and I want to flush the cache.
How do I do that? any kommands?
EAccelerator Cache Size
Feb 1, 2007how big I should set the cache size for eaccelerator?
Here's the information from the control.php
Caching enabled yes
Optimizer enabled yes
Memory usage 100.00% (16.00MB/ 16.00MB)
Free memory 0.00MB
Cached scripts 148
Removed scripts 0
Cached keys 0
Cache The Dynamic Url (images)
Oct 3, 2007I've got an application (java web ) tha dynamically creats images ( with dynamic url - ...tab&vi=nia&h=24&ds=bottom&fn...) - like thumbnails,icons ect.
The think I'm trying to deal with is to force caching theese images by a browser.
When the application starts the server gets images and shows code 200 ( and this images apppers in web browser cache), but after reloding or simply viewing the images from the cache url the server shows again code 200. I'd like to have code 304 - not modified - like when browser gets an image from cache.
The dynamic url for image is being created only once - when the appication starts, and after that it stays unchanged, but I still can't force use the cached images - like when it is a static url - .../image.jpg.
Mysql And Query Cache
Jan 4, 2007What is the good value to set query_cache_size. I have set it to 60 M and here
is the status. Is it good? I am not sure how to check this? Can anyone explain?
query_cache_size=60M
mysql> SHOW STATUS LIKE 'Qcache%';
+-------------------------+----------+
| Variable_name | Value |
+-------------------------+----------+
| Qcache_free_blocks | 5 |
| Qcache_free_memory | 62666440 |
| Qcache_hits | 922 |
| Qcache_inserts | 381 |
| Qcache_lowmem_prunes | 0 |
| Qcache_not_cached | 565 |
| Qcache_queries_in_cache | 182 |
| Qcache_total_blocks | 400 |
+-------------------------+----------+
8 rows in set (0.00 sec)
PHP Accelerators (cache) CONS
May 2, 2007I am currently wanting to add a cache engine that eases the apache server for my php scripts. I just wanted to make sure there weren't cons; bugs with certain pages that need to be reloaded very quickly? Has any of you already experienced such bugs with these progs? Which cache-accelerator would you suggest for php-mysql apache?
View 3 Replies View RelatedWhen To Add More Ram. Swap/Cache/Buffer
May 23, 2007When is a good time to add more ram?
Since I got my server its ran with 1gb ram and has kept a free of at least 400mb since that time.
Now withing a few hours all of it is being kept in buffer/cache as the past week an showing about 15mb free (not counting buffer/cache) and has started in on the disk swap of about 400Kb.
So should I upgrade to 2gb now or wait till it goes deeper into the swap, and if so how far into the swap before you'd upgrade?
How To Troubleshoot Mmap Cache Problems
Jun 24, 2008Could someone please help me with some information on how I can troubleshoot this issue?
[warn-phpd] mmap cache can't open /home/sitedir/)
It's happening on all the directories ie: sites on the server. Switching from phpsuexe back to running php dso fixes the issue, but how can I run phpsuexec and fix this problem? Any tips would be very much appreciated.
Eaccelerator Cache Emptying Cron
Apr 9, 2009I'm sure all of you who use eaccelerator know how big the cache can get and that it needs emptied manually. Well at least to my knowledge it does, the only thing I have seen that you can configure is the shm pruning. If anyone does know such a feature with eaccelerator please share. But I also notice a performance decrease and a few php errors mostly related to memory allocations here and there.
Anyway I was piddling around and came up with a command to disable eaccelerator from php.ini, delete the cache folder and then enable it back. I figured this would be good as a daily cron. I would like some input if anyone knows any better ways.
So I wanted to share this in case someone else here has the same problems with eaccelerator cache folder getting huge. If anyone knows a way to make this better or shorter please reply with solution.
Of course this will vary depending on where your php.ini is and where your eaccelerator cache is. Just replace those values with yours. I'm sure there is also a way to use similar commands to find and input these values, again if anyone knows please share.
Code:
find /usr/local/lib -name 'php.ini' | xargs perl -pi -e 's/extension="eaccelerator.so"/;extension="eaccelerator.so"/g' ; rm -rf /usr/lib/php/eacc ; mkdir /usr/lib/php/eacc ; chmod 4777 /usr/lib/php/eacc ; find /usr/local/lib -name 'php.ini' | xargs perl -pi -e 's/;extension="eaccelerator.so"/extension="eaccelerator.so"/g'
Virtuozzo Centos 64-bit Vps Not Using Any Ram For Buffers Or Cache
Apr 25, 2009I have a virtuozzo vps account 64-bit centos running whm/cpanel.
I've been having an issue with high load average at times while very little cpu is being used and there is plenty of ram free, and in looking into this, I've run into another thing that seems very odd to me:
free
total used free shared buffers cached
Mem: 786432 179944 606488 0 0 0
-/+ buffers/cache: 179944 606488
top - 22:29:52 up 15:30, 1 user, load average: 1.23, 1.55, 1.12
Tasks: 74 total, 1 running, 72 sleeping, 0 stopped, 1 zombie
Cpu(s): 0.0%us, 0.1%sy, 0.0%ni, 88.8%id, 11.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 786432k total, 174784k used, 611648k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached
uname -r
2.6.18-028stab060.8
No memory being used for buffers or cache.
why no ram is being used to buffer/cache slower disk io?