Hackers could take over the Web

sudo apt-get update
sudo apt-get upgrade

*fixed*

I wondered why we had DNS related updates today.. around 800kb.

Guess it's time to update bind on all my servers quickly.
 
Your name server, at 196.43.45.190, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 33874
Requests seen for fe4213257f97.toorrr.com:
196.43.45.190:33874 TXID=8729
196.43.45.190:33874 TXID=40426
196.43.45.190:33874 TXID=23295
196.43.45.190:33874 TXID=65430
196.43.45.190:33874 TXID=20104

Uhm, what does this mean? :D
 
Next thing we know they hack into all the ubuntu update servers and upload their evil scheming cracked-DNS and label it as the patch :D
 
Your name server, at xxxxxxxxxxx, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 59684
Requests seen for 094ef6fghfgh5a673c.toorrr.com:

Update your DNS. Get your ISP to update its DNS. Though by now I am sure they know.
 
Get your ISP to update its DNS. Though by now I am sure they know.

Well I sincerely hope they know! :) I'm on SAIX and just did that DNS check on the DoxPara site as the article suggested and it says the DNS server is vulnerable, so Telkom's DNS servers clearly still need to be updated with the patch. Maybe RPM can officially inform them of the problem because I'm not convinced that Telkom reads all the necessary security bulletins. ;)

Your name server, at xxx.xxx.xxx.xxx, appears vulnerable to DNS Cache Poisoning.
 
Does anyone know what exactly the vulnerability is and what it does? The article does not even attempt to explain.
 
Does anyone know what exactly the vulnerability is and what it does? The article does not even attempt to explain.

They are keeping info tight on the hole.. but here is one person's opinion

It's reasonably obvious from the CERT advisory how an attack would work. The CERT advisory tells us that the vulnerable systems are ones where the 16-bit DNS transaction ID and the 16-bit port number for a transaction are not randomly chosen. The CERT advisory also tells us that the attacker must be able to spoof IP addresses, that is, they must not be behind some ISP with egress filtering. CERT also tells us that it's a DNS poisoning attack.

So it looks like a form of this attack documented in 2003 [net-security.org] at "Cache Poisoning using DNS Transaction ID Prediction". Back in 2003, it took a large number of packets to make this attack work, and even then it wasn't reliable. But there may be a more cost-effective attack strategy if you know how the DNS server assigns transaction numbers and ports.

The fundamental problem comes from 1) the fact that source IP addresses can be forged, and 2) the DNS transaction ID, at 16 bits, is far too short to be considered a useful random key. Any key with security implications should be at least 64 bits and be generated by a crypto-grade random number generator.
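The checker output quoted earlier in this thread (five queries, one source port, five different TXIDs) is exactly the pattern the post above describes: the transaction ID varies, the port does not, so only 16 bits separate a genuine reply from a forged one. The script below is an added example, not part of this thread or of the DoxPara checker; it parses report lines in that same "ip:port TXID=n" format and reports whether source-port randomisation was observed. The first sample is modelled on the thread's output, the second sample (192.0.2.53, example-check.invalid) is constructed to show what a patched resolver looks like.

```python
import re
from collections import Counter

# Constructed samples in the same line format as the checker output quoted in this thread.
# The first mirrors the "fixed port, varying TXID" pattern from the thread; the second is
# made up (RFC 5737 test address) to show a resolver that randomises its source port.
SAMPLE_FIXED_PORT = """\
Your name server, at 196.43.45.190, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 33874
Requests seen for fe4213257f97.toorrr.com:
196.43.45.190:33874 TXID=8729
196.43.45.190:33874 TXID=40426
196.43.45.190:33874 TXID=23295
196.43.45.190:33874 TXID=65430
196.43.45.190:33874 TXID=20104
"""

SAMPLE_RANDOM_PORT = """\
Requests seen for example-check.invalid:
192.0.2.53:51234 TXID=1021
192.0.2.53:18877 TXID=60002
192.0.2.53:42110 TXID=3398
192.0.2.53:9641 TXID=27184
192.0.2.53:60415 TXID=49900
"""

# One observation line: "<ipv4>:<source port> TXID=<transaction id>"
OBS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+TXID=(?P<txid>\d+)$")


def parse_report(text):
    """Extract (source_port, txid) pairs from the observation lines of a report.

    Header lines ("Your name server, at ...", "All requests came from ...") are skipped.
    """
    pairs = []
    for raw in text.splitlines():
        m = OBS_RE.match(raw.strip())
        if m:
            pairs.append((int(m.group("port")), int(m.group("txid"))))
    return pairs


def assess(pairs):
    """Judge whether the observed queries show source-port randomisation.

    Returns the distinct-value counts, the effective number of bits a reply has to
    match to be accepted (16 for the TXID, plus 16 more only when the source port
    varies as well) and a verdict string.
    """
    if len(pairs) < 2:
        raise ValueError("need at least two observations to judge randomisation")
    ports = Counter(p for p, _ in pairs)
    txids = Counter(t for _, t in pairs)
    port_fixed = len(ports) == 1
    txid_fixed = len(txids) == 1
    effective_bits = (0 if txid_fixed else 16) + (0 if port_fixed else 16)
    if port_fixed:
        verdict = "vulnerable: every query left from the same source port"
    else:
        verdict = "source port varies: randomisation observed"
    return {
        "observations": len(pairs),
        "distinct_ports": len(ports),
        "distinct_txids": len(txids),
        "port_fixed": port_fixed,
        "txid_fixed": txid_fixed,
        "effective_bits": effective_bits,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, text in (("fixed port", SAMPLE_FIXED_PORT), ("random port", SAMPLE_RANDOM_PORT)):
        result = assess(parse_report(text))
        print(f"{name}: {result['verdict']} ({result['effective_bits']} bits to match)")
```

A handful of queries can only show the absence of randomisation, not prove its presence: five distinct ports say the resolver is not stuck on one port, not that its port choice is unpredictable. The check is worth running after applying the vendor patch to confirm the resolver in front of you (your own BIND, or the ISP's) actually picked up the change.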
 
I just did the test and also am on SAIX Telkom.

Guess what, my name server is vulnerable to DNS cache poisoning, big surprise.

So how do we get Telkom (and other ISPs) to resolve this issue?

Is using OpenDNS perhaps an option till Telkom sorts itself out?
 
Geeze you guys seem to be taking this lightly, I realise it's unlikely for there to be problems, due to safety in numbers if nothing else, but surely this issue is worth addressing?
 
Geeze you guys seem to be taking this lightly, I realise it's unlikely for there to be problems, due to safety in numbers if nothing else, but surely this issue is worth addressing?

I'm taking it very seriously. Updating everything.
 
I'm taking it very seriously. Updating everything.

Glad I'm not the only one worrying. I posted this previously in this thread:

I just did the test and also am on SAIX Telkom.

Guess what, my name server is vulnerable to DNS cache poisoning, big surprise.

So how do we get Telkom (and other ISPs) to resolve this issue?

Is using OpenDNS perhaps an option till Telkom sorts itself out?

So what to do about this? I switched to OpenDNS but I get the same message.

Other than that I guess we just update all our browsers and get security patches for our OS?
 