25-03-05

why make a virus if you can attack a dns server

why would you make a virus or spyware to attract visitors to websites and get paid for it, if you can easily attack a dns server with a simple email, banner or other link that will change settings in a DNS server and change the ip addresses for popular destinations like, for example, google, so they come to your site, willing or not?
 
the only thing that is missing is that they are not yet using spoofed sites, so visitors now see the difference. If you would spoof google on another server with another ip address and you can hide the iframes you would work with (new phishing technique), then who would see?
And you wouldn't need to do a thing.
 
protect yourself against those attacks (from internetstormcenter)
By default, the DNS server does NOT protect you against DNS cache poisoning. If you run a resolving nameserver on Windows NT 4 or Windows 2000, you are HIGHLY ADVISED to follow the instructions here to protect yourself from these attacks: http://support.microsoft.com/default.aspx?scid=kb;en-us;2...
 
advertising megapowerpills.com. Interesting, the real IP address for www.megapowerpills.com is different and seems to only host an "under construction" image. The malicious DNS servers have the IP addresses of 222.47.183.18 and 222.47.122.203. There are numerous domain names and nameservers that point to these IP addresses. Here are some of the domain names pointing to the malicious DNS servers:

---------------------  end alert internet storm center
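
A resolver that protects its cache against this kind of poisoning refuses to cache records in a response that fall outside the zone it asked about (a bailiwick check). The sketch below is an added example, not code from the alert or from any DNS server; the function names and every record in it are constructed, using the reserved `.example` names and documentation IP ranges.

```python
# Added illustration: bailiwick filtering of DNS response records before caching.
# Function names are hypothetical; all names and addresses are constructed samples.

def normalize(name):
    """Lower-case a DNS name and strip the trailing dot."""
    return name.rstrip(".").lower()

def in_bailiwick(owner, zone):
    """True if owner is the zone itself or a subdomain of it.
    The match is made on label boundaries, not on a plain string suffix."""
    owner, zone = normalize(owner), normalize(zone)
    if zone == "":  # the root zone covers every name
        return True
    return owner == zone or owner.endswith("." + zone)

def filter_response(zone, records):
    """Split records into (cacheable, rejected) for a query that was sent to
    the servers authoritative for `zone`. A record is (owner, rtype, rdata)."""
    keep, reject = [], []
    for rec in records:
        (keep if in_bailiwick(rec[0], zone) else reject).append(rec)
    return keep, reject

# Constructed response to a query for www.shop.example sent to the shop.example servers.
SAMPLE_RESPONSE = [
    ("www.shop.example.", "A", "192.0.2.10"),      # the answer that was asked for
    ("shop.example.", "NS", "ns1.shop.example."),  # authority record, in zone
    ("ns1.shop.example.", "A", "192.0.2.53"),      # glue, in zone
    ("www.bank.example.", "A", "203.0.113.66"),    # unrelated name slipped in
    ("example.", "NS", "ns.other.example."),       # tries to claim the parent zone
    ("myshop.example.", "A", "203.0.113.67"),      # string suffix, but not a subdomain
]

def audit(zone="shop.example", records=SAMPLE_RESPONSE):
    """Return the owner names that may be cached and those that must be dropped."""
    keep, reject = filter_response(zone, records)
    return [r[0] for r in keep], [r[0] for r in reject]

if __name__ == "__main__":
    kept, rejected = audit()
    print("cache:", kept)
    print("drop: ", rejected)
```

Logging the dropped records together with the server that sent them shows which upstream is trying to inject names.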


 
Rumors are around that even some big ----- firms haven't secured their dns servers and even allow zone-transfers without authentication...
 
read more about dns security
http://www.softpanorama.org/DNS/security.shtml
http://www.apricot.net/apricot97/apII/Presentations/DNSan...  (1997 but basic)
http://compsec101.antibozo.net/papers/dnssec/dnssec.html (1999 but interesting)
http://www.microsoft.com/resources/documentation/WindowsS...  (very good windows 2003 document with basic information also)
http://www.whitehats.ca/main/members/Jeff/jeff_dns_securi... (with a schema to make it easier to understand)
 
http://www.zytrax.com/books/dns/ch7/security.html the security of DNS BIND 9 (the OS). If you only knew how many are still running BIND 8 or unpatched 9 versions...
 
and more about BIND security
http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
http://www.boran.com/security/sp/bind9_20010430.html
 
expect this to become normal attack-business, so you don't have a choice. Patch it, upgrade it, secure it, service it and look after it.

15:46 Posted by technology changes fast not a lot
