Dedicated Server And ARP Poisoning
Nov 4, 2007
I recently had a problem with a hacked dedicated server which was attacked by ARP Poisoning and a Remote Desktop man-in-the-middle attack from another dedicated server on the same subnet. Maybe unreasonably I expected controls in place to prevent this, better detection and better handling of this problem, lack of which have left me uneasy about the hosting.
I know using Remote Desktop with a cert would prevent the server being compromised, but my concern would then be HTTP traffic being hijacked and malware insertion, redirection to non HTTPS login pages, redirects to anywhere, etc. If ARP Poisoning occurs then even if my server is fully secure all the web addresses pointing to my server's IP are basically compromised by HTTP traffic redirection.
Before this happened I had assumed (bad idea) that there would be some kind of mac level assigning of IP addresses.
What level of protection from this type of problem should I expect from the Dedicated Server supplier on their network? Problem started after I rebooted our server, IP was grabbed and the network adaptor was disabled due to IP conflict, so machine didn't not respond to pings. I raised a ticket and was told
"when your server came up it couldn't use it's assigned IP address as for some unknown reason another device on the network is using it's IP, we're tracking down the device and we'll have your server operational in few minutes."
They re-enabled the network adaptor presumably without fully checking the situation. I assumed the situation was either an innocent misconfiguration or that the issue had been fully investigated and dealt with, I reconnected via remote desktop and a few minutes later the server was compromised (wiped event logs, Cain and Abel installed etc).
Our machine was wiped, reinstalled and no further problem arose, but they initially seemed to deny that the two issues were related. Suggesting it would have been hacked externally via IIS vulnerabilities. Then 18 days later(!) they released a message advising all users with machines on the subnet that they had shutdown a malicious machine (not ours) on the subnet and to change passwords, run malware scans etc! Whether this was the same original machine or another server compromised I don't know. However our server was running with Cain and Abel and a whole lot more for quite a while as I checked it before it was taken off line for reinstallation.
Is this a common occurrence? Do most dedicated hosting providers have proper measures to prevent this or are there any measures I can take to prevent this happening again?
View 4 Replies
ADVERTISEMENT
Aug 7, 2008
Upon reading http://www.theregister.co.uk/2008/08...sky_black_hat/ it appears those who use network address translation may be vulnerable to DNS cache poisoning even after patching their DNS servers.
"another 15 per cent are still vulnerable to some extent because they use network address translation gear that prevents the patch from working."
Thoughts?
View 2 Replies
View Related
Mar 19, 2008
What tools do you use to check for DNS Cache Poisoning ? Is there any way it can be prevented and is the problem very prevalent?
View 1 Replies
View Related
Jul 9, 2008
Vendors form alliance to fix DNS poisoning flaw
An alliance of software makers and network-hardware vendors announced on Tuesday that they had banded together to fix a fundamental flaw in the design of the internet's address system.
The vulnerability in the domain name system (DNS) - the distributed database that matches a host and domain name with the numerical address of a computer server - could give an attacker the ability to replace the addresses of popular websites with that of a malicious server, said Dan Kaminsky, director of penetration testing for security firm IOActive. Kaminsky found the flaw when he was doing non-security research on the domain name system (DNS) more than six months ago.
"It is a fundamental issue affecting the design," Kaminsky said. "Because the system is behaving exactly like it is supposed to behave, the same bug will show up in vendor after vendor after vendor. This one bug affected not just Microsoft ... not just Cisco, but everyone."
On Tuesday, a number of software and network-hardware vendors released patches for their products. On its regularly scheduled patch day, Microsoft released updates for Windows 2000, Windows XP and Windows Server 2003 to mitigate the issue, which the company ranked an important vulnerability, its second highest grade of severity. Internet Software Consortium, the group responsible for the development of the popular Berkeley Internet Name Domain (BIND) server, also released a patch, confirming that its software contained the vulnerability. Both Cisco and Juniper also acknowledged flawed systems.
Vendors have also provided the fix to certain large clients. Yahoo will be upgrading its name servers from BIND 8 to the latest version of BIND 9, the Internet Software Consortium stated during the conference call. Internet service provider Comcast has already patched its servers for the issue, according to internet infrastructure firm Nominum. Finally, the Computer Emergency Response Team (CERT) Coordination Center has contacted some other nation's response groups to inform them of the problem.
For the most part, however, internet service providers and companies each received the fix on Tuesday, said Sandy Wilbourn, vice president of engineering at Nominum. The goal: To have every major service provider and company apply their software patches in 30 days.
For that reason, don't expect immediate action, Wilbourn said.
"For key customers on our network, we have made a special effort to get them an early release to help solve this problem, and a number of them have finished deployment," he said. "But the nature of this patch is that we wanted to get the vendor side covered and then have deployment over the next 30 days. Anyone that is not patched by today or tomorrow is not doing anything wrong."
The domain-name system (DNS) has been a popular way to attack the internet in the past - it's an ill-kept secret that the DNS system is insecure. The way that many software applications, such as browsers, handle DNS requests has opened up users to attack. Microsoft has fixed a few vulnerabilities in the way Windows handles domain names - issues that could have lead to easier eavesdropping or simpler phishing attacks.
More here:[url]
View 6 Replies
View Related
Nov 26, 2007
What is your opinioun on the subject?
How could it be done?
View 1 Replies
View Related
Nov 8, 2007
I'm concerned about dns spoofing
As explained here:
w w w. securesphere(dot)net/download/papers/dnsspoof.htm
I note the recommendations:
- To limit the cache and check that it's not keeping additional records.
- Not to make security systems to use/rely on DNS.
- Use cryptography like SSL, even if the problem remains the same, it increase difficulty level for the attacker (See article on Man in the Middle)
I did not on another site that the latest version of BIND for DNS should be installed.
I'm quite sure I'm being attacked in this way by a guy on the same network as my numerous commercial websites.
I'm setting a new server. I'm getting my own name server.
What steps should I take to best protect my self and my business against these attacks please?
(firewall? tips etc beside the above?) Please let me know as I want to set up and have a better than even bet I have shaken the guy.
View 2 Replies
View Related
Sep 3, 2007
What is the difference between Dedicated Virtual vs Regular Dedicated Server?
Also what are the pros and cons of going with Virtual?
View 8 Replies
View Related
Apr 1, 2008
to move from shared windows hosting to Dedicated windows hosting. This will be our first dedicated server and experience with dealing it too.
Someone suggested me Rackspace. But they were charging premium rates 440 USD for entry level windows server.
View 14 Replies
View Related
Sep 7, 2008
I am currently using a shared hosting but due to increasing traffic and server load my existing host is not able to provide reliable services and I am planning to upgrade my hosting service.
While I was searching for Dedicated Servers, I learnt about Virtual Dedicated Servers but I am not very sure about their reliability? Are Virtual Dedicated Servers useful? My website current serves over 2500-3000 visitors a day resulting in 30,000 pageviews and I am expecting the traffic to grow by atleast 2 folds in the next few months as I start some PPC campaigns and Email Marketing for my website. Can a Virtual Dedicated Server cater such needs assuming my website to be more of less dynamic website written in php?
View 8 Replies
View Related
Oct 16, 2013
I have Plesk 11.5 (service provider mode) on a Windows 2008 server IIS7.Most of my sites are developed in .asp and therefore i use a custom 500-100.asp error page that check s the IP of the visitor then displays either a friendly error, or if its my IP a full error of what has happened (it also emails me the error). This allows me to debug pages easily whilst developing and to keep an eye on anyone trying SQL Injection hacks on my sites (as the error and email also have session variables and IP address).I dont have root access to the server as it is a Webfusion dedicated server.I have following the Plesk documentation -
1) Switch on custom errors for the subscription
2) Look in virtual directories and navigate to error documents
3) Find the error in question (500:100) and change it to point at either a file or URL
FILE - I had the data centre add in the 500-100.asp error page in to the virtual template so that my page is available in the list of virtual files - this didn't work but that maybe because its not a static page??
URL - when i add the path it says its incorrect, if i add a fully qualified address, it accepts it but it doesn't work.give me a specific example of the URL that can be entered relative to the root as the format in the documentation isn't accepted. The last step is to restart IIS which is also an issue as i cant seem to do this from the Plesk panel..It is as if it isn't catching the 500:100 error, and only catching the general 500 error??
View 1 Replies
View Related
Feb 11, 2009
What is the difference between a virtual private server and a dedicated server?
View 8 Replies
View Related
May 10, 2009
I am going to be buying a dedicated server from kimsufi Most likely the 2XL Package.
My streamers will be using my server aswell, On weekends we will be running 3-4 streams at a time, weekdays 1-2 at a time.
Spreading all the streams out, at anyone time we will have 300 viewers.
I need to know your advice on this before i go spending money.
How do i convert my dedi into a flash media server, i need red5 or something, thats all i know so far. My streamers wil be streaming to server with FME, And i also want it coded so that my streams can only be embedded on my site.
Basically i dont have a clue where to start, how long would it take me to set up etc....
In addition, what kind of server do i need, windows / linux / traffic / burstable / standard etc..
View 9 Replies
View Related
Jun 14, 2008
I'm expected to have around 1000-1500 users at a time after my ad compaign for my site.
currently, my setup is as follows:
VPS in UK
guaranteed memory: 256 burstable : 512
disk: 20GB
traffic: 200GB per month
price : 15 dollars a month
I would like to upgrade to :
guaranteed memory: 1GB
which is better ? to go with VPS ? or dedicated server ? which provider do u recommend ? how much am I expected to pay for my required setup ? what about CPU ?
View 12 Replies
View Related
Apr 6, 2009
Is it possible to upgrade a kernel on a dedicated server? I have a dedicated at Server.lu.
I opened a ticket with them, it was open for about a month with no reply.
How can I tell if GRUB or LILO is on the server somewhere?
View 14 Replies
View Related
Mar 22, 2008
I'd like to know, how do you backup a cPanel dedicated server to a remote FTP server? WHM's backup only allows you to backup the client's accounts, but not the cPanel settings, or the stuff in /etc?
View 5 Replies
View Related
Aug 6, 2008
I'm a a JAVA software developer and it happens that I need to configure a dedicated server running Win 2003.
It's already up and running with static IP address, however hosting offers a "Static IP Address", which doesn't really make sense, cause I already have one?
Other thing is domain name. Current domain name is registered with a different company and we don't really want to transfer it from that company. Can I get away with importing a domain name and changing MX records in the domain control panel?
Last thing is an email server. What do I need to set up an Email Server? I have a domain name with few POP3 email addresses. I thought about using hMail server for windows. What else do I need to do, pay for?
View 3 Replies
View Related
Apr 17, 2008
i want to know what is the difference between dedicated server and shared server. I was relaly confused in these services. Couls any one please let me know in detail about these servers?. I will be choosing one of these service.
View 4 Replies
View Related
Jun 17, 2008
My client is looking for a company that can provide managed dedicated servers for use with SQL Server 2k5 and IIS. I believe the client is looking to have everything installed for them and then be handed the keys once complete.
View 3 Replies
View Related
Oct 22, 2007
Whats the easiest way to create a private server within a dedicated server running cpanel/WHM/Fantastico?
I need to allow this 'virtual server', to host up to 10 domains, and for them to use their own nameservers, not the ones used on my dedicated server.
I have 2 IPs to spare, but I have no idea on how to do this.
Any help is much appreciated, or if you can guide me on where to get info on this.
i need this new reseller NOT to be identified with my own server (IPs)
View 7 Replies
View Related
Sep 29, 2008
I am new to VPS business and all, I would like to know how many VPS I can host in a single Dedicated Server ?
View 3 Replies
View Related
Jul 3, 2008
i'm looking for cheap dedicated server , do you know where is good provider?
and also ALLOW IRC.
I'm very-very looking for that kind of server.
View 14 Replies
View Related
Mar 8, 2009
i want to get a dedicated server and set up small VPSes on it so i can sell them to people this is the dedicated server im looking at
Processor AMDAthlon LE 1660
Hard disk 250 GB IDE
RAM 2 GB DDR 1/2
i need help on how to set it up when i get the server how ever when signing up for the server i get a list of these operating systems some whihc are for like virtualisaion
Hosting: Web / Emails / VPN / VoIP
Release 2, Release 1, Linux Plesk 9, Linux Plesk 8.4, Linux Plesk 8.0, cPanel, Extranet Group Work, Windows Plesk 8.1
Experts: raw distro
Debian 4.0 old-stable, Debian 5.0 Stable, Ubuntu Server 8.04, Ubuntu Server 8.10, Open Suse 11, Fedora 9, CentOS, Gentoo 2007, Gentoo 2008, Slackware 12.1, FreeBSD 6.2, FreeBSD 7.1, Windows 2003 Pro, Windows 2003 Basic
Virtualization
VMWare, Xen, Proxmox, Virtuozzo4
Remote desktop
Ubuntu Desktop 8.04
View 14 Replies
View Related
Feb 10, 2009
I have been given a fairly high spec dedicated server and I would like suggestions what I could do with it.
Briefly the spec is: Dual Opteron, Two 360GB HDD's, 4GB Ram, on Unmetered Bandwidth located in Germany.
I don't want to host anything like warez, torrent server or any web -hosting service. ( I already have a hosting server )
View 4 Replies
View Related
Oct 21, 2009
I got control of some colocation resource in Taipei, Hong Kong and several cities in China (Beijing, Shanghai and probably Guangzhou & Shenzhen), and is now considering starting a business by deploying blade servers into my racks with Internet bandwidth as well as private bandwidth interconnected between the above IDC.
My target will be corporation, web developer / SI who want their / their clients' web site or IP application online with target users in those regions.
I prefer to deploy VM or VPS instead of dedicated servers as space/electricity in China is very expensive and higher density should be the way to go.
So I'd like to know more what the difference is between VM and VPS in terms of customer perception and actual features.
In areas of VM and VPS, which vendor do you recommend and why?
View 2 Replies
View Related
Jun 12, 2009
I have one Dedicated server , with Centos 5 and Cpanel. I want with *a magic way* to have and some vps 4 -5 in the same server,
So my question is how i can install a vps in this server and also i am wondering if it any GNU vps software for my server also.
View 3 Replies
View Related
Oct 10, 2009
what is the difference between dedicated servers and VPS?
View 14 Replies
View Related
Apr 23, 2009
Is there any dedicated server providers, where you can change the whois, so you would be able to resell server, and if someone looked up or traceroute the ip it would look like you on the DC?
View 7 Replies
View Related
Aug 9, 2009
Just found out about these RPS Servers from my friend. They are dedicated servers without a Hard Drive directly inside of them. They are connected elsewhere for some reason however it makes them alot cheaper that way especially worth while for the need of Dedicated systems for low costs.
I wondered if anyone else had experiance using these systems and/or this host also?
And wanted to know if most thought these would be acceptable to run Shoutcast Hosting ? I know it depends on resources etc but I mean generally speaking with these specs. Im pretty convinced to get this rather than a VPS.
View 6 Replies
View Related
Jun 11, 2008
Anyone has a suggestion of a company that has respectable response time with a data center located within NYC with fast setup time?
I've a server with galaxyvision. they boast a 24/7 support, live chat doesn't work and they don't even answer the phone. Server's been down for 2 hours.
View 7 Replies
View Related
Jul 11, 2008
I have one dedicated server and the company cant give me extra ips for use on the dedicated server.
Can i buy some ips from other company to use on my dedicated server? (as failover ip).
View 4 Replies
View Related
Mar 18, 2008
I'm going to get a dedicated server with option to install my own OS. Is it possible to use a simple XP Pro ? or I have to go with Server 2003 ? what is the difference ? I barely need 90% of the server 2003 features. The only thing that is required is the windows environment for my own software.
View 6 Replies
View Related
