31-03-05

dns poisioning attacks goings big-scale

why write a virus if you could change the ip address of each .com site someone types who uses a certain DNS server so that it comes automatically at a site where the spyware can be loaded on the pc ?
well, that is what is happening now in the US
it is the first bigscale attack on a commercial big dns server and one that is poisioning the whole traffic going to .com sites (because dns servers help each other and refer to each other to balance the load of the traffic).
 
what is more interesting is that it is a zero day attack, no one has a clue how this is being done, the hackers are in control here
 
a few weeks ago everybody was laughing about an american who in a dutch new IT monthly claimed he could do just that, impossible said the whole IT Security specialist industry
 
well, they are doing it since a week, going a step further each time
 
what can you do ?
- get up your own dns servers behind your firewall and don't depend so much on others or be able to change the external dns servers
- direct all your network traffic to very specific dns servers and block all the rest
- just stop clicking yes on everything you see and receive
 
blocking this
209.123.63.168 / 64.21.61.5 / 205.162.201.11
malicious DNS server is 216.127.88.131
vparivalka .org
 
thank g. there is an internet storm center
http://isc.sans.org/diary.php?date=2005-03-30
 

00:39 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.