[nsp-sec] DNS poisoning activity in the wild
Joel Rosenblatt
joel at columbia.edu
Wed Jul 30 11:24:59 EDT 2008
The articles are already out on this
<http://www.pcworld.com/article/149126/2008/07/.html>
--On Wednesday, July 30, 2008 5:03 PM +0200 Florian Weimer <fweimer at bfk.de> wrote:
> ----------- nsp-security Confidential --------
>
> * Jose Nazario:
>
>> after seeing hdm blog this:
>>
>> | After seeing the SBC/ATT server for Austin get poisoned, serve up
>> | advertisements, and eventually get taken offline, I decided to add a
>> | module to compare DNS results between two servers.
>>
>> via http://blog.metasploit.com/2008/07/checking-for-cache-poisoning.html
>
> HD Moore had publicly visible ARP poisoning issues on his networks
> before. IMHO, it's not necessarily one of the new attacks. And the
> alleged bad data in the AT&T caches hasn't been reported elsewhere.
>
>> now, hdm did this as a proof of concept. but i have to wonder: how
>> much actual DNS poisoning is occurring and where is it coming from?
>
> I only see scans supposedly from researchers, but I'm not really
> tracking this.
>
> --
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel