Originally posted by: spidey07
Just to add from what our DNS guys were talking about today (yes, 6 people devoted to nothing but DNS).
Yesterday MS security "experts" told them they had a patch in the works for MS DNS servers, but not to deploy it due to testing and this "isn't a big deal".
Today MS completely changed their tune - here's the patch, deploy it at all costs. The dns guys have been working on this and been on the phone constantly since it was announced. I'm not slamming MS, but to have a complete about face tune like that is unusual.
Originally posted by: aphex
Any chance this is related?
http://forums.anandtech.com/me...=2210695&enterthread=y
She's on Bellsouth DSL, vulnerable according to doxpara, we just switched her to Open DNS tonight.
Originally posted by: Modelworks
Originally posted by: spidey07
Just to add from what our DNS guys were talking about today (yes, 6 people devoted to nothing but DNS).
Yesterday MS security "experts" told them they had a patch in the works for MS DNS servers, but not to deploy it due to testing and this "isn't a big deal".
Today MS completely changed their tune - here's the patch, deploy it at all costs. The dns guys have been working on this and been on the phone constantly since it was announced. I'm not slamming MS, but to have a complete about face tune like that is unusual.
I think the thing that is scaring people involved with the actual patching is the rate at which it is developing. A friend just got an email from cisco that another patch was coming out in just a day or two and that to use what they released already until then. Already on various forums I have read of people talking about ways to get around the current patches. Looks like they opened a can of worms.
Originally posted by: Xanis
anyone else having trouble getting on the doxpara site?
Originally posted by: Modelworks
Originally posted by: Xanis
anyone else having trouble getting on the doxpara site?
I think it just can't handle the load.
Quick search showed that site has a almost 900% increase in traffic
Originally posted by: Xanis
anyone else having trouble getting on the doxpara site?
Originally posted by: Spartan Niner
Originally posted by: Xanis
anyone else having trouble getting on the doxpara site?
I haven't been able to access that or the OARC test on either Qwest DNS or Open DNS.
Originally posted by: StarsFan4Life
Originally posted by: Spartan Niner
Originally posted by: Xanis
anyone else having trouble getting on the doxpara site?
I haven't been able to access that or the OARC test on either Qwest DNS or Open DNS.
DDOS from the hackers already starting?
Going to sleep now, wonder if the internet will be up in the morning.
<characters>.toorrr.com is the domain that they're using to test with. What happens is that you're given a series of requests to run lookups on for randomly generated subdomains of toorrr.com (which they control). Their master DNS server then logs these requests coming from your ISP's DNS server (since it would need to go to the master for all of these new subdomains) and reports the data back to you. This way they can see exactly what ports and transaction IDs are being used. If there's little-to-no randomness, then someone can brute force fake transactions and poison your ISP's DNS server, and you are told that your ISP's DNS server is vulnerable.Originally posted by: Champ
So I have no understanding about what this really is but you guys are actually taking this seriously so it must be bad:shocked:
So I ran the test on doxpara and it said Your name server, at 64.xx.xxx.xxx, appears to be safe, but make sure the ports listed below aren't following an obvious pattern.
the it shows this request
83bc3baf835d.toorrr.com:
then my server number followed by TXID=xxxxx five times over
so is 83bc3baf835.toorrr.com the site or something i should be worried about because i dont know what that site is?
I thought MS had all of their related patches out and shipped on the 8th?Originally posted by: spidey07
Just to add from what our DNS guys were talking about today (yes, 6 people devoted to nothing but DNS).
Yesterday MS security "experts" told them they had a patch in the works for MS DNS servers, but not to deploy it due to testing and this "isn't a big deal".
Today MS completely changed their tune - here's the patch, deploy it at all costs. The dns guys have been working on this and been on the phone constantly since it was announced. I'm not slamming MS, but to have a complete about face tune like that is unusual.
You'd be primarily looking at fraudsters. The most obvious use of stealing a domain is to steal credentials and other data for fraudulent purposes. However you could also do it to effectively bring a site offline, or replace a site with faulty information (e.g. replace the content of Whitehouse.gov with a notice that WW3 has started). Some people may not even be above doing it just to mess with people.Originally posted by: RESmonkey
Who is usually behind these DDOS and DNS exploits? What kind of hackers? I suppose way beyond "4chan" people?
Originally posted by: ViRGE
I thought MS had all of their related patches out and shipped on the 8th?Originally posted by: spidey07
Just to add from what our DNS guys were talking about today (yes, 6 people devoted to nothing but DNS).
Yesterday MS security "experts" told them they had a patch in the works for MS DNS servers, but not to deploy it due to testing and this "isn't a big deal".
Today MS completely changed their tune - here's the patch, deploy it at all costs. The dns guys have been working on this and been on the phone constantly since it was announced. I'm not slamming MS, but to have a complete about face tune like that is unusual.
Originally posted by: ViRGE
You'd be primarily looking at fraudsters. The most obvious use of stealing a domain is to steal credentials and other data for fraudulent purposes. However you could also do it to effectively bring a site offline, or replace a site with faulty information (e.g. replace the content of Whitehouse.gov with a notice that WW3 has started). Some people may not even be above doing it just to mess with people.Originally posted by: RESmonkey
Who is usually behind these DDOS and DNS exploits? What kind of hackers? I suppose way beyond "4chan" people?
The Internet will be waiting.Originally posted by: StarsFan4Life
DDOS from the hackers already starting?Originally posted by: Spartan Niner
Originally posted by: Xanis
anyone else having trouble getting on the doxpara site?
I haven't been able to access that or the OARC test on either Qwest DNS or Open DNS.
Going to sleep now, wonder if the internet will be up in the morning.
Originally posted by: Baked
Looks like I'm gonna stay offline for the remainder of the month.