DNS Poisoning - Is Your Bind Up To Date

Jul 9, 2008

Vendors form alliance to fix DNS poisoning flaw

An alliance of software makers and network-hardware vendors announced on Tuesday that they had banded together to fix a fundamental flaw in the design of the internet's address system.

The vulnerability in the domain name system (DNS) - the distributed database that matches a host and domain name with the numerical address of a computer server - could give an attacker the ability to replace the addresses of popular websites with that of a malicious server, said Dan Kaminsky, director of penetration testing for security firm IOActive. Kaminsky found the flaw when he was doing non-security research on the domain name system (DNS) more than six months ago.

"It is a fundamental issue affecting the design," Kaminsky said. "Because the system is behaving exactly like it is supposed to behave, the same bug will show up in vendor after vendor after vendor. This one bug affected not just Microsoft ... not just Cisco, but everyone."

On Tuesday, a number of software and network-hardware vendors released patches for their products. On its regularly scheduled patch day, Microsoft released updates for Windows 2000, Windows XP and Windows Server 2003 to mitigate the issue, which the company ranked an important vulnerability, its second highest grade of severity. Internet Software Consortium, the group responsible for the development of the popular Berkeley Internet Name Domain (BIND) server, also released a patch, confirming that its software contained the vulnerability. Both Cisco and Juniper also acknowledged flawed systems.

Vendors have also provided the fix to certain large clients. Yahoo will be upgrading its name servers from BIND 8 to the latest version of BIND 9, the Internet Software Consortium stated during the conference call. Internet service provider Comcast has already patched its servers for the issue, according to internet infrastructure firm Nominum. Finally, the Computer Emergency Response Team (CERT) Coordination Center has contacted some other nation's response groups to inform them of the problem.

For the most part, however, internet service providers and companies each received the fix on Tuesday, said Sandy Wilbourn, vice president of engineering at Nominum. The goal: To have every major service provider and company apply their software patches in 30 days.

For that reason, don't expect immediate action, Wilbourn said.

"For key customers on our network, we have made a special effort to get them an early release to help solve this problem, and a number of them have finished deployment," he said. "But the nature of this patch is that we wanted to get the vendor side covered and then have deployment over the next 30 days. Anyone that is not patched by today or tomorrow is not doing anything wrong."

The domain-name system (DNS) has been a popular way to attack the internet in the past - it's an ill-kept secret that the DNS system is insecure. The way that many software applications, such as browsers, handle DNS requests has opened up users to attack. Microsoft has fixed a few vulnerabilities in the way Windows handles domain names - issues that could have led to easier eavesdropping or simpler phishing attacks.

More here:[url]


DNS Cache Poisoning

Mar 19, 2008

What tools do you use to check for DNS Cache Poisoning ? Is there any way it can be prevented and is the problem very prevalent?

A Few Words About DNS Cache Poisoning

Nov 26, 2007

What is your opinion on the subject?

How could it be done?

Dedicated Server And ARP Poisoning

Nov 4, 2007

I recently had a problem with a hacked dedicated server which was attacked by ARP Poisoning and a Remote Desktop man-in-the-middle attack from another dedicated server on the same subnet. Maybe unreasonably I expected controls in place to prevent this, better detection and better handling of this problem, lack of which have left me uneasy about the hosting.

I know using Remote Desktop with a cert would prevent the server being compromised, but my concern would then be HTTP traffic being hijacked and malware insertion, redirection to non HTTPS login pages, redirects to anywhere, etc. If ARP Poisoning occurs then even if my server is fully secure all the web addresses pointing to my server's IP are basically compromised by HTTP traffic redirection.

Before this happened I had assumed (bad idea) that there would be some kind of mac level assigning of IP addresses.

What level of protection from this type of problem should I expect from the Dedicated Server supplier on their network? Problem started after I rebooted our server, IP was grabbed and the network adaptor was disabled due to IP conflict, so machine didn't respond to pings. I raised a ticket and was told

"when your server came up it couldn't use its assigned IP address as for some unknown reason another device on the network is using its IP, we're tracking down the device and we'll have your server operational in a few minutes."

They re-enabled the network adaptor presumably without fully checking the situation. I assumed the situation was either an innocent misconfiguration or that the issue had been fully investigated and dealt with, I reconnected via remote desktop and a few minutes later the server was compromised (wiped event logs, Cain and Abel installed etc).

Our machine was wiped, reinstalled and no further problem arose, but they initially seemed to deny that the two issues were related, suggesting it would have been hacked externally via IIS vulnerabilities. Then 18 days later(!) they released a message advising all users with machines on the subnet that they had shut down a malicious machine (not ours) on the subnet and to change passwords, run malware scans etc! Whether this was the same original machine or another server compromised I don't know. However our server was running with Cain and Abel and a whole lot more for quite a while as I checked it before it was taken off line for reinstallation.

Is this a common occurrence? Do most dedicated hosting providers have proper measures to prevent this or are there any measures I can take to prevent this happening again?

DNS Spoofing/poisoning Attack Defense

Nov 8, 2007

I'm concerned about dns spoofing

As explained here:
w w w. securesphere(dot)net/download/papers/dnsspoof.htm
I note the recommendations:

- To limit the cache and check that it's not keeping additional records.
- Not to make security systems to use/rely on DNS.
- Use cryptography like SSL; even if the problem remains the same, it increases the difficulty level for the attacker (See article on Man in the Middle)

I did note on another site that the latest version of BIND for DNS should be installed.
I'm quite sure I'm being attacked in this way by a guy on the same network as my numerous commercial websites.
I'm setting a new server. I'm getting my own name server.

What steps should I take to best protect myself and my business against these attacks please?

(firewall? tips etc beside the above?) Please let me know as I want to set up and have a better than even bet I have shaken the guy.

Are Patched Domain Name Server (DNS) Behind N.A.T. Still Vulnerable To DNS Cache Poisoning?

Aug 7, 2008

Upon reading http://www.theregister.co.uk/2008/08...sky_black_hat/ it appears those who use network address translation may be vulnerable to DNS cache poisoning even after patching their DNS servers.

"another 15 per cent are still vulnerable to some extent because they use network address translation gear that prevents the patch from working."

Thoughts?

How To Set Date On My VPS

Oct 24, 2008

How can I set a different date (of the system date) on my VPS?

I tried with "date -s" but I can't change it.

I need to set up the year to 2004, for a legacy application.

How Do I Keep An Up-to-date Backup

Jun 1, 2008

I had a big scare today. My server (vps) went down and I had no way of contacting my provider because their whole system had crashed.

I've got backups but I had never thought of a provider crash, so I left the backups on my server. I would like to keep an up-to-date backup on my computer at home.

How do I do this? I've heard of rsync, but I don't know what it is or how it works.

Changing Date On A VPS

Aug 27, 2007

to change system date back and forth.

Of course 'date -s' doesn't work on VPS. Using zic and timezones > /etc/localtime could help up to (almost) 24 hours, but dates are out of range.

Some systems can enable something like defying "Time Drift" as on some Xen versions (as shown below), but unfortunately my provider apparently doesn't support it.

# set independent_wallclock
# echo 1 > /proc/sys/xen/independent_wallclock

Is there any other way to change date on a VPS?

Expiry Date Of Web Hosting

Jun 25, 2009

What is the way to check the expiry date of a website? Actually someone hosted my site on my behalf. I do not have password etc. My host is Jkookserver.

WHMCS Billing Date

Nov 9, 2008

I have been in contact with WHMCS but I still can't seem to work it out properly.

What I am trying to achieve is not to do prorata billing and for the customer to pay only for the rest of the month.

AND

to make all due invoices be sent out on the 1st of every month and give customers 5 days to pay the invoice before late fees will be applied.

To get this done, can someone tell me what I set these options to, please?

Charge Next Month - This section is in the pricing section of the item.

Prorata date - Do I set that if I'm not going to be doing prorata billing?

Invoice Generation - What day do I set this to, to achieve what I want above?

Cpanel Expire Date

Jun 23, 2008

How can active cpanel expire date?

Changing System Date

Nov 8, 2007

We have a server located in USA. We have hosted an application for online booking of travel tickets. The customer wanted to change the system date to IST instead of EDT which we did. Now, if we try to change the system date to a future date in order to test our application, the date automatically resets to the current date. This happens only if we have the timezone as IST. If we change the system date to EDT, then after changing the system date, it does not reset automatically. It changes only if we modify it manually. However, if we change the timezone to IST, then the system date resets automatically back to the current date. We have stopped the W32 Time service and also blocked the port 123. We have also disabled the automatic synchronization with the internet time server.

DedicatedBox.net Disconnect Server Before Due Date

Jun 27, 2008

I have a server with DedicatedBox.net. My billing cycle is the 26th of every month, but they always disconnect my server if I don't make payment before the 22nd or 23rd. I complained to them by email, their helpdesk and WHT PM. They did respond to me, but can't have the issue resolved.

This month, I forgot to pay in advance. They disconnected my server on the 23rd as always. I sent a ticket #499717 and nobody responds to me. Whether they disappear or just ignore me, it's a warning to me, so I decided to leave them. Luckily I have a backup for all my data.

This is my bad experience with DedicatedBox.net.

Change The Setup Date In Cpanel

Apr 26, 2008

I terminated an account in WHM and when I created again, the setup date in list of accounts changed to today,

How can I edit this time?

DNS Error: Ignoring Out-of-zone Date

May 27, 2007

I have nameservers set up on my server using (for example) ns1.domain.net and ns2.domain.net with IPs 12.12.12.1 and 12.12.12.2, respectively.

Here's my zone file generated by WHM for ns1

Code:
; Modified by Web Host Manager
; Zone File for ns1.animeost.net
$TTL 14400
@ 86400 IN SOA ns1.domain.net. user.gmail.com. (
2007052706
86400
7200
3600000
86400
)
ns1.domain.net. 86400 IN NS ns1.domain.net.
ns2.domain.net. 86400 IN NS ns2.domain.net.
ns1.domain.net. 14400 IN A 12.12.12.1
localhost.ns1.domain.net. 14400 IN A 127.0.0.1

Here's my zone file generated by WHM for ns2

Code:
; Modified by Web Host Manager
; Zone File for ns1.animeost.net
$TTL 14400
@ 86400 IN SOA ns1.domain.net. user.gmail.com. (
2007052706
86400
7200
3600000
86400
)
ns1.domain.net. 86400 IN NS ns1.domain.net.
ns2.domain.net. 86400 IN NS ns2.domain.net.
ns2.domain.net. 14400 IN A 12.12.12.2
localhost.ns2.domain.net. 14400 IN A 127.0.0.1

After I restarted bind, it gave me the error in /var/log/messages

Code:
May 27 15:55:18 mail named[89641]: starting BIND 9.3.4 -u bind -c /etc/namedb/named.conf -t /var/named -u bind
May 27 15:55:18 mail named[89641]: command channel listening on 127.0.0.1#953
May 27 15:55:18 mail named[89641]: /etc/namedb/ns1.domain.net.db:13: ignoring out-of-zone data (ns2.animeost.net)
May 27 15:55:18 mail named[89641]: /etc/namedb/ns2.domain.net.db:12: ignoring out-of-zone data (ns1.animeost.net)
May 27 15:55:18 mail named[89641]: running

I believe that ignoring out-of-zone data is causing my dns to not work properly. I can't ping ns1.domain.net, ns2.domain.net, and domain.net.

VPS Date Refuses To Change. Linux

Sep 11, 2007

I'm having problems trying to change the date, no matter what I enter in webmin or shell it keeps the existing date and I've tried ntp.

Fed Core 6

How To Setting Mysql Date/time

Mar 5, 2007

How do I set the MySQL date/time?

The server is -9 hours from ours.

We have a setting under WHM for the time server, but we also need to set MySQL.

Wrong Date/Time On Server

Oct 17, 2007

The other server that I'm working on issues the wrong date/time when I run

$ date

Wed Oct 17 20:01:03 CDT 2007

I tried the same command on the other server

Wed Oct 17 11:01:03 CDT 2007

Up To Date Php/perl & Libcurl Support - Which Provider

May 2, 2009

I am searching for a web hosting provider that offers up to date php and libcurl versions (or up to date perl plus libcurl). Any provider that you could recommend? Many thanks for some feedback!

My current provider (Yahoo Small Business ) offers the following php & libcurl combination: php 4.3.11 libcurl/7.12.0 OpenSSL/0.9.6g zlib/1.1.3.

I posted that to a libcurl mailing list, and the answer was the following:

> 1. That's using the PHP/CURL binding (which could explain
> something), and a version of it (the entire PHP version)
> that's over 4 years old
> 2. That's a libcurl version which is 29 releases old. Soon
> celebrating 5 years! (and the OpenSSL version is similarly
> outdated)

5 years! So what I'd need is a provider offering php 5 and the latest libcurl, or (even better) a provider that offers perl in combination with an up to date libcurl version (Yahoo comes with perl, but libcurl not included).

Delete Files Created On A Specific Date

Jun 28, 2008

Is there a quick shell command to find (inside a directory) and delete all the files created e.g. on January 10, 2008 ?

Variable Filenames By Date In Cron Jobs

Mar 12, 2008

How do you insert variables in cron jobs? e.g. the current date.

Let's say I want to back up a file and append the date to it.

0 0 * * * cp /some/file.txt /some/outputfile_[DATE].txt >/dev/null
(note that I'm not sure the cp will actually work like that, it's just an example)

Where outputfile_[DATE].txt has the date in it.

Are there variables cron can use for date, hour, minute, etc.?

Cisco Sets Last Sale Date For PIX Firewall

Feb 4, 2008

Thought this might be of interest since the PIX vs. ASA devices are frequently discussed here ...

Changing Hosting Companies Is A Blind Date

Dec 30, 2008

Changing hosting companies is a pain, let's admit it. You don't know what you're getting until you get it. Yes, it's like a blind date.

The hosting company is talked up and fake reviews are posted in hopes of getting an affiliate commission. Some "companies" are actually Uncle George with a reseller account acting like he has a staff of 20 people.

So recently I was looking to 'downsize' after having a dedicated server for 20 months. There was a hiccup with the hosting company. The email file permissions were constantly getting changed. It was a mystery because every time tech support fixed it, the next day it would happen again!

The operations manager was in contact by telephone and even gave me his cell phone number. I was also in telephone contact with Tech Support constantly until they found the culprit - an old, invalid Cpanel Skin.

After the ordeal, I praised the team and company. But a week later, Omaha Steaks showed up at my doorstep. Wow!

Well, now it's a year later and I need to downsize.

I looked at BlueHost, HostGator, Ixhosting, HostingExcellence and others... I could NOT believe what they offered for the money. I looked and looked.. and was excited that I could downgrade from a dedicated server and save $150 a month!

Finally, I decided to try BlueHost reluctantly.. as a test. But I tried to sign up for 30 minutes and the site was down. Uh-oh....

My gut - This is a wake up call.

Stick with what's WORKING.

I immediately emailed the Operations Mgr that hosts my dedicated server. Told him what I wanted. I needed a reseller account with additional IPs. He directed me to exactly what I needed and then asked if we could work something out on my current server. But with my sites slacking off, I just settled on a Reseller account.

They transferred everything and the site got an Internal Error (500).. err.. but don't worry - Tech Support found the .htaccess file was using suexec on the old server. So they commented it out and the sites appeared.

The POINT IS: Stick with WHO you know and What's WORKING. Yes, the current host may be a few nickels more than the Popular Hosting companies advertising in the magazines.. but they do NOT beat the support I've received over the last 20 months.

Final Review: I cannot praise HostDime enough. They are awesome. Mike K. is fantastic. I will keep my account there and it will run into the third year in a few months.

www.HostDime.com is a REAL company, charging very reasonable rates, and you get the best support ever. The guys & gals won't give up until they solve the problem.
If you're considering moving hosts, try them.

My Midpulse Experience - Accounts Are Suspended Before Due Date

Sep 23, 2008

I have been with Midpulse for about a month. While hosting has been fine, they really have serious issues with Billing.

I had selected Paypal Subscription when I signed up on 22-Aug and the subscription is payable today 23-Sep, yet Midpulse suspended my account yesterday itself for non-payment. Now, I'm confused whether I should cancel Paypal subscription or not.

Plus their HTTPS Billing area does not even open... so how the hell are customers supposed to Login to Billing area...

Download Free, Up-to-date HyperVM OS Templates For OpenVZ And Xen Here!

Mar 10, 2009

I have recently created a bunch of OS templates for HyperVM as their current set were hugely outdated / unsuitable.

The images tagged modernadmin all include preconfigured DenyHosts to prevent SSH brute forcing of your customers' VPS.

Available are the following for OpenVZ:
centos-5.2-i386-hostinabox-modernadmin.tar.gz  530,147.2KB
centos-5.2-i386-modernadmin.tar.gz  109,654.2KB
centos-5.2-x86_64-modernadmin.tar.gz  134,665.8KB
debian-4.0-i386-modernadmin.tar.gz  61,153.3KB
debian-4.0-x86_64-modernadmin.tar.gz  143,096.5KB
debian-5.0-i386-modernadmin.tar.gz  75,740.6KB
debian-5.0-x86_64-modernadmin.tar.gz  159,226.4KB
fedora-core-10-i386-modernadmin.tar.gz  165,429.6KB
fedora-core-10-x86_64-modernadmin.tar.gz  174,693.8KB
ubuntu-7.10-i386-modernadmin.tar.gz  76,415.5KB
ubuntu-7.10-x86_64-modernadmin.tar.gz  76,133.2KB
ubuntu-8.04-i386-modernadmin.tar.gz  70,725.7KB ...

Easy Methods For Migrating My Date/site From One Server To Another?

Dec 28, 2008

Going to be migrating over to another server pretty soon.

Does anyone have any easy methods for migrating my date/site from one server to another?

Plesk 12.x / Linux :: Updating Out Of Date Components Included In VPS

Dec 5, 2014

How to update out of date components included in VPS? For instance...

rkhunter is at v1.3.4 whereas the current version is 1.4.2. Why bother about updating? Well, in part to reduce the number of false-positive warnings and in part to gain more current protection.

A yum update isn't possible as 1.4.x has moved on quite significantly from 1.3.x and while downloading and installing rkhunter isn't terribly difficult, trying to get it to update the 1.3.4 version included with VPS seems somewhat more difficult...

SpamAssassin is at v3.3.1-3 whereas 3.4.0 is the current release version and 3.3.2 is no longer supported, meaning 3.3.1 is definitely way out of support. Why bother? Better spam detection and blocking.

When will VPS update to something nearer current versions of both of these components?







Copyrights 2005-15 www.BigResource.com, All rights reserved