To: WSFA members <WSFAlist at WSFA.org>
Subject: [WSFA] Re: Poisoning the Internet
From: shofmann at mindspring.com (Scott Hofmann)
Date: Thu, 21 Apr 2005 13:44:52 -0400
Reply-To: WSFA members <WSFAlist at WSFA.org>

>>>>> "MW" == Michael Walsh <MJW at press.jhu.edu> writes:

 MW> "Thanks to a new loophole, computer criminals are recycling an old
 MW> trick - and subverting the very infrastructure of the internet. The
 MW> trick uses bogus data to "poison" the domain name system (DNS) that
 MW> routes all net traffic. By doing this, they redirect internet users
 MW> to convincing but fake websites where they could have their credit
 MW> card or bank details stolen. Companies can protect themselves by
 MW> using specialised DNS software, but that may not be the end of the
 MW> problem..."

 MW> From New Scientist:
 MW> http://www.newscientist.com/article.ns?id=mg18624966.200

 MW> Y'all may geek away...

Note that these attacks only affect older Microsoft domain-name servers. A
properly maintained and recent non-Microsoft domain-name server is immune,
which is why these attacks are generating more press than problems:

http://isc.sans.org/diary.php?date=2005-04-07

I believe the majority of domain-name servers out there are not running the
Microsoft software, which is why this recent attack did not do much damage.

There is a discussion of the problem(s) at
http://it.slashdot.org/article.pl?sid=05/04/08/1528213&tid=172&tid=95&tid=218

scott

--
J. Scott Hofmann                      http://www.kniggets.org
shofmann at mindspring.com