|
Posted by Kayman on July 30, 2008, 8:06 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>>>
>>> I'm not sure how these tools work but they seem to automatically "pick"
>>> our
>>> ISP's DNS IP address to scan.
>>
>> Yes, that's seems to be the procedure.
>>
>>> The thing is the IP address doesn't
>>> necessarily match the ones I'm using (also belong to my ISP). As an
>>> example,
>>> I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell
>>> me
>>> that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are
>>> my
>>> ISP's DNS servers.
>>
>> Talk to you Internet Service Provider (ISP); They probably issue dynamic
>> IP
>> addresses.
>> FYI:
>>
http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html
>>
>>> I understand that they have multiple addresses (may be hundreds/thousands
>>> depending on ISP size). My questions is:
>>> Is there a tool that lets us input IP address to scan?
>>
>> Don't know, sorry.
>>
>>> Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the
>>> tools
>>> at dns-oarc.net or doxpara.com) has been patched, they have patched the
>>> rest
>>> of their DNS servers and therefore it is safe to use any of their DNS?
>>
>
> Thanks Kayman. I use (my ISP) DNS IP addresses as forwarders on my Windows
> DNS system. I guess what I can do is change the forwarders IP addresses to
> the ones that have been detected as GOOD.
>
> Btw, http://www.dnsstuff.com/ has a DNS vulnerability check too. Also, if
> you haven't heard, check this out:
> http://www.networkworld.com/news/2008/073008-dns-attack-writer-a-victim.html
>
>> I'd assume it's safe; If in doubt talk to the ISP.
>> Let us know their response.
>
> Contact our ISP? That's a scary thought. I sent them an email last week,
> asking them if they have fixed DNS flaw. A few days later, I got a reply
> like this:
>
> At this time we have made no changes to our network and we do not plan to
> make any changes. We actively monitor out network for any security breaches.
>
> Shortly before I received the above reply from my ISP, I used DNS check
> tools from doxpara.com. It says that it's safe (a few days earlier, the
> report said that my DNS was vulnerable to cache poisoning). I appears to me
> that my ISP has fixed the problem but a reply from my ISP says otherwise
> ("we do not plan to make any changes"). Clueless tech support.
Yes, I would think that your ISP has fixed (or is fixing) the problem. The
("clueless tech support") is probably a temp who may not be versed
technically :)
Good luck
| 
XML site map