Has your DNS been patched?
So, if you've been perusing the tech sites lately (and more specifically, security sites) like I do, you've probably seen articles about the recent flaw that has been discovered in DNS. If not, you can read up on it here or here. The details of the vulnerability are actually quite interesting but I really didn't think anything of it until I went home the other night and tried to access this very site from my Verizon FIOS Internet connection. I have http://www.linuxforums.org/forum/ bookmarked in my browser and when I tried to connect to it the other night, I was redirected to my ISP's search page where it told me that the name could not be found. I thought that was odd so I googled "LinuxForums" found this site as the first hit and tried to follow the link to the forums where I found the same page I saw originally. At that point, being the genius that I am, I put two and two together and realized it's possible my ISP's DNS servers may be poisoned. I was actually quite surprised seeing as how in one of the articles I read, the author claimed that most of the big DNS providers have already implemented the patch and that everything is hunky dory. I would have thought Verizon would fall into that group but apparently not.
After a lot more reading, I eventually stumbled upon Dan Kaminksy's blog. He's the original researcher who found the flaw. And right there on the side of a page is a nice little utility which tells you (in a general sense) how vulnerable your DNS server may be. So, from my computer at home, I clicked on it and it said:
On a whim, I changed my DNS settings to point to OpenDNS servers and found that the message no longer appeared and now I was getting this:
Your name server, at xx.xx.xx.xx, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 37.
And sure enough, connecting to LinuxForums worked like a charm after that. Slashdot verifies the patch has been made to OpenDNS.
Your name server, at 22.214.171.124, appears to be safe.Requests seen for 7dfe01ffe61e.toorrr.com:
So, I would suggest checking your DNS server(s) against Kaminsky's blog and taking the appropriate measures to make sure you're not at risk. What's even more interesting is I tried the check from work this morning and got this:
Your name server, at xx.xx.xx.xx, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: xx
Due to events outside our control, details of the vulnerability have been leaked. Please consider using a safe DNS server, such as OpenDNS. Note: Comcast users should not worry.