Global DNS cache poisoning attack?

so disabling dns service could benefit in this matter Derek?

 

Thanx Derek, appreciated.

 

Thanks Derek, much appreciated!


Pet a hedgehog for me!! I check your site often!

Marja

 

There's an update:

So the first problem can be accounted for, the second one (following the rerouting) is client based.

 

Cute little tool bar....NOT

<object classid="clsid:6E6AA6C7-DD03-43BF-B63E-DC7ABC6F713D" codebase="abx_search.cab" name="tb_object" height=0 width=0></object>

[abx_search.dll]
clsid={92F02779-6D88-4958-8AD3-83C12D86ADC7}

 

Thanx Bubba for this clsid...users should definately put this into a blockmode

Thanx!!

 

Asking? Where do we put it, to block it? Like with Firefox or IE? I have programs that block things but there is no place to add my own.

 

Placing the 3 domains mentioned in the Sans article into IE's Restricted Zone will go a long ways in protecting you....especially if you have IE's Internet Zone at default.

7sir7.com
123xxl.com
abx4.com

 

Thank you Derek and Bubba!

Yes, I feel more secure with the address than just the name, names change so fast.

Well, here is another vulnerabilty for someone with patience, smarts, chutzpah and helpful friends to work on!

I just know you are out there!

 

Very good point Derek....and for those that wish to continue using IE it's just one more reason to NOT allow script to run freely in the Internet Zone unless you are prepared for the consequences.

 

here's some more...
http://news.netcraft.com/archives/2005/03/07/dns_poisoning_scam_raises_wariness_of_pharming.html

 

Wouldn't keeping all of one's important financial sites in the Hosts file help to prevent this?

Acadia

 

there's a Critical Update to hpHOSTS about this.
http://www.hosts-file.net/pafiledb/pafiledb.php?action=file&id=8

This is a Critical Update to the hpHOSTS hosts file. It is not a full update or a hosts file but must be appended to the end of the current build of hpHOSTS.