Guest Kayman Posted July 28, 2008 Posted July 28, 2008 "The test takes a few seconds to complete. When its done you'll see a page where the transaction ID and source port randomness will be rated either GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that contact your ISP and ask if they have plans to upgrade their nameserver software before August 7th." https://www.dns-oarc.net/oarc/services/dnsentropy
Guest Twayne Posted July 28, 2008 Posted July 28, 2008 Re: DNS Randomness Test > "The test takes a few seconds to complete. When its done you'll see a > page where the transaction ID and source port randomness will be > rated either GREAT, GOOD, or POOR. If you see a POOR rating, we > recommend that contact your ISP and ask if they have plans to upgrade > their nameserver software before August 7th." Umm, I'd beware any stranger offering advice in case that appeals to you. It's outright spam to begin with and of no known value or recognition otherwise. It's designed to make you curious and want to visit that URL where who knows what might go on? It'd be funny if it weren't so stupid!
Guest Geoff Posted July 28, 2008 Posted July 28, 2008 Re: DNS Randomness Test On Mon, 28 Jul 2008 12:18:10 -0400, "Twayne" <nobody@devnull.spamcop.net> wrote: >> "The test takes a few seconds to complete. When its done you'll see a >> page where the transaction ID and source port randomness will be >> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we >> recommend that contact your ISP and ask if they have plans to upgrade >> their nameserver software before August 7th." > >Umm, I'd beware any stranger offering advice in case that appeals to >you. It's outright spam to begin with and of no known value or >recognition otherwise. It's designed to make you curious and want to >visit that URL where who knows what might go on? It'd be funny if it >weren't so stupid! > > As an advisory it lacks any real information. This is supposed to be an advisory about the Kaminsky DNS vulnerability but is of limited use to end users other than to generate grass roots movement from users to get ISP's to upgrade their DNS code. The full text of the dns-oarc.net page follows: ---------------------- US-CERT's Vulnerability Note VU#800113 describes deficiencies in the DNS protocol and implementations that can facilitate cache poisoning attacks. The answers from a poisoned nameserver cannot be trusted. You may be redirected to malicious web sites that will try to steal your identity or infect your computers with malware. On August 7, 2008, Dan Kaminsky will release the details of how such attacks can be launched against vulnerable DNS resolvers. The essence of the problem is that DNS resolvers don't always use enough randomness in their transaction IDs and query source ports. Increasing the amount of randomness increases the difficulty of a successful poisoning attack. This page exists to help you learn if your ISP's nameservers are vulnerable to this type of attack. If you click on the button below, we will test the randomness of your ISP DNS resolver. The test takes a few seconds to complete. When its done you'll see a page where the transaction ID and source port randomness will be rated either GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that contact your ISP and ask if they have plans to upgrade their nameserver software before August 7th. See porttest for another way to check your resolver from a Unix commandline. ---------------------- See also: http://www.kb.cert.org/vuls/id/800113
Guest David H. Lipman Posted July 28, 2008 Posted July 28, 2008 Re: DNS Randomness Test From: "Twayne" <nobody@devnull.spamcop.net> >> "The test takes a few seconds to complete. When its done you'll see a >> page where the transaction ID and source port randomness will be >> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we >> recommend that contact your ISP and ask if they have plans to upgrade >> their nameserver software before August 7th." | Umm, I'd beware any stranger offering advice in case that appeals to | you. It's outright spam to begin with and of no known value or | recognition otherwise. It's designed to make you curious and want to | visit that URL where who knows what might go on? It'd be funny if it | weren't so stupid! No. Both Kayman and the site are legitimate and most importantly this is a good test concerning the US CERT Vulnerability Note VU#800113 Reference: http://www.kb.cert.org/vuls/id/800113 This is NOT spam! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest Lon Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test Twayne wrote: >> "The test takes a few seconds to complete. When its done you'll see a >> page where the transaction ID and source port randomness will be >> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we >> recommend that contact your ISP and ask if they have plans to upgrade >> their nameserver software before August 7th." https://www.dns-oarc.net/oarc/services/dnsentropy > > Umm, I'd beware any stranger offering advice in case that appeals to > you. It's outright spam to begin with and of no known value or > recognition otherwise. It's designed to make you curious and want to > visit that URL where who knows what might go on? It'd be funny if it > weren't so stupid! > > > I'd also beware of self appointed security experts who do not recognize the site http://www.dns-oarc.net.
Guest FromTheRafters Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test "Lon" <lon.stowell@comcast.net> wrote in message news:79Kdne3O09h_8xPVnZ2dnUVZ_hjinZ2d@comcast.com... > Twayne wrote: >>> "The test takes a few seconds to complete. When its done you'll see a >>> page where the transaction ID and source port randomness will be >>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we >>> recommend that contact your ISP and ask if they have plans to upgrade >>> their nameserver software before August 7th." > https://www.dns-oarc.net/oarc/services/dnsentropy >> >> Umm, I'd beware any stranger offering advice in case that appeals to you. >> It's outright spam to begin with and of no known value or recognition >> otherwise. It's designed to make you curious and want to visit that URL >> where who knows what might go on? It'd be funny if it weren't so stupid! >> >> >> > I'd also beware of self appointed security experts who do not recognize > the site http://www.dns-oarc.net. But how do we know that clicking that link will actually resolve to that (considering the topic) legitimate site? :O) URL's are not dangerous, however the software you run to access them may well be.
Guest Lon Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test FromTheRafters wrote: > "Lon" <lon.stowell@comcast.net> wrote in message > news:79Kdne3O09h_8xPVnZ2dnUVZ_hjinZ2d@comcast.com... >> Twayne wrote: >>>> "The test takes a few seconds to complete. When its done you'll see a >>>> page where the transaction ID and source port randomness will be >>>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we >>>> recommend that contact your ISP and ask if they have plans to upgrade >>>> their nameserver software before August 7th." >> https://www.dns-oarc.net/oarc/services/dnsentropy >>> Umm, I'd beware any stranger offering advice in case that appeals to you. >>> It's outright spam to begin with and of no known value or recognition >>> otherwise. It's designed to make you curious and want to visit that URL >>> where who knows what might go on? It'd be funny if it weren't so stupid! >>> >>> >>> >> I'd also beware of self appointed security experts who do not recognize >> the site http://www.dns-oarc.net. > > But how do we know that clicking that link will actually > resolve to that (considering the topic) legitimate site? :O) Klothnet nslookup if your software doesn't display the full encoded url on mouseover. > > URL's are not dangerous, however the software you run to > access them may well be. Most of the problems are just above and behind the keyboard.
Guest Twayne Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test f'ups set to msp sec... .virus to save gas, I mean, ether. > Twayne wrote: >>> "The test takes a few seconds to complete. When its done you'll see >>> a page where the transaction ID and source port randomness will be >>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we >>> recommend that contact your ISP and ask if they have plans to >>> upgrade their nameserver software before August 7th." > https://www.dns-oarc.net/oarc/services/dnsentropy >> >> Umm, I'd beware any stranger offering advice in case that appeals to >> you. It's outright spam to begin with and of no known value or >> recognition otherwise. It's designed to make you curious and want to >> visit that URL where who knows what might go on? It'd be funny if it >> weren't so stupid! >> >> >> > I'd also beware of self appointed security experts who do not > recognize the site http://www.dns-oarc.net. None the less, it is spam and as such is subject to all the things spam is worthy of: nothing. I repeat: "It's designed to make you curious and want to >> visit that URL where who knows what might go on? It'd be funny if it >> weren't so stupid!" Spam is spam and you are a spammer. And speaking of "experts", you seem totally unaware that spam isn't acceptable, and also that redirections are easy. If you think that URL is so well known, you have another think coming. It is NOT a recognized web site for security aspects. In fact: It's blacklisted at APEWS-L1: (SPEWS replacement) ----------------------------------------------- http://openrbl.org/client/#www.dns-oarc.net APEWS_L1 - Anon PM Early Warning System - Level 1 RHS: Spamvertized Domains and alike_ homepagehttp://apews.org/ typeHOST (RHS) Blacklist zonel1.apews.rhsbl.uceprotect.net [Wiki] statusBlocklisted at l1.apews.rhsbl.uceprotect.net ----------------------------------------------- WAS recently listed at SORBS, ---------------------------------------------- and is mired in a long list of AS horizontals and verticals that most would only use for the purpose of making it difficult to trace them specifically. Hmm, now who would want that? Oh! I know! Spammers! lookuphttp://apews.org/?page=test&ip=www.dns-oarc.net http://www.uceprotect.net/en/apews.html public.dns-oarc.net public.dns-oarc.net has one IP record . http://www.dns-oarc.net point to the same IP. network-scanner-230-for-more-info-see.public.dns-oarc.net and network-scanner-224-for-more-info-see.public.dns-oarc.net are subdomains to this hostname. baserecordnameipreverserouteas public.dns-oarc.neta149.20.58.8www.dns-oarc.net149.20.0.0/16 AS1280 project netblockAS1280 ISC AS1280 Internet Systems Consortium, Inc dns-oarc.netnshq-ns.oarc.isc.org204.152.184.186hq-ns.oarc.isc.org204.152.184.0/21 ns-ext.isc.org204.152.184.64ns-ext.isc.org ns-ext.nrt1.isc.org192.228.90.19ns-ext.nrt1.isc.org192.228.90.0/24 Internet Software ConsortiumAS2500 WIDE Project in Japan ns-ext.lga1.isc.org192.228.91.19ns-ext.lga1.isc.org192.228.91.0/24 Internet Systems Consortium, Inc., New York, NY, USAAS27319 ISC LGA1 Internet Systems Consortium, Inc , New York, NY, US ns-ext.sth1.isc.org192.228.89.19ns-ext.sth1.isc.org192.228.89.0/24 Internet Systems Consortium, Inc.AS8674 NETNOD IX Netnod Internet Exchange Sverige AB (former D GIX) $Id: aut num:AS8674,v 1 12 2008/07/01 12:56:12 liman Exp $ mxmail.dns-oarc.net149.20.58.4mail.dns-oarc.net149.20.0.0/16 AS1280 project netblockAS1280 ISC AS1280 Internet Systems Consortium, Inc org isc.org net nrt1.isc.org oarc.isc.org sth1.isc.org lga1.isc.org -------------------------------------- NOW, IDIOT SPAMMER, I gave you a pass on reporting you since it appeared you might not know what you're doing. But from just 3 minutes worth of research I can see you not only know what you're doing is spamming, but you are still spamming even though you're dropped by at one list and have been noted at around 8 other lists. SORBS may have "dropped" you but rest assured it won't take a lot to put you back on their list. If I come across you again on ANY group, forum or other means, rest assured I will not hassle you, but I WILL report you for spamming, and I'll resurrect the discussions at nanae for you using your own tripe as proof! So either get your ass out of here or be prepared to start looking for other resources again. It looks like discussions at nanae would be pretty easy to reopen; it's only been a short period of time. Don't address me again: I only give one warning. HTH (you provide the word for the last H)
Guest Kayman Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test On Mon, 28 Jul 2008 19:14:07 -0600, Lon wrote: <snip> > I'd also beware of self appointed security experts who do not recognize > the site http://www.dns-oarc.net. Hey Lon, while we're having so much fun, here is another DNS checker http://www.doxpara.com/ (a good tool to double-check the results obtained from https://www.dns-oarc.net/oarc/services/dnsentropy ) :-)
Guest Newell White Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test "FromTheRafters" wrote: > > But how do we know that clicking that link will actually > resolve to that (considering the topic) legitimate site? :O) > > URL's are not dangerous, however the software you run to > access them may well be. > > Those of us who have reached the age of discretion right click on the link, then copy and paste into our browser's address bar. We get lots of practice at this because our incoming e-mails are shown in plain text format. We are suspicious old farts who plan on living a long time. -- Regards, Newell White
Guest FromTheRafters Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com... > > "FromTheRafters" wrote: > > >> >> But how do we know that clicking that link will actually >> resolve to that (considering the topic) legitimate site? :O) >> >> URL's are not dangerous, however the software you run to >> access them may well be. >> >> > Those of us who have reached the age of discretion right click on the > link, > then copy and paste into our browser's address bar. Which doesn't address the DNS poisoning issue. Any URL at all (requiring a lookup) is suspect. Only comparing returns from a known good name server can confirm if the URL's friendly name is actually where your browser will be directed. ..
Guest Newell White Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test "FromTheRafters" wrote: > > "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message > news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com... > > > > "FromTheRafters" wrote: > > > > > >> > >> But how do we know that clicking that link will actually > >> resolve to that (considering the topic) legitimate site? :O) > >> > >> URL's are not dangerous, however the software you run to > >> access them may well be. > >> > >> > > Those of us who have reached the age of discretion right click on the > > link, > > then copy and paste into our browser's address bar. > > Which doesn't address the DNS poisoning issue. Any URL at all > (requiring a lookup) is suspect. Only comparing returns from a known > good name server can confirm if the URL's friendly name is actually > where your browser will be directed. > .. Point taken. But even before the DNS issue using the Internet involves a certain amount of trust. -- Regards, Newell White
Guest Twayne Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test > "FromTheRafters" wrote: > >> >> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in >> message news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com... >>> >>> "FromTheRafters" wrote: >>> >>> >>>> >>>> But how do we know that clicking that link will actually >>>> resolve to that (considering the topic) legitimate site? :O) >>>> >>>> URL's are not dangerous, however the software you run to >>>> access them may well be. >>>> >>>> >>> Those of us who have reached the age of discretion right click on >>> the link, >>> then copy and paste into our browser's address bar. >> >> Which doesn't address the DNS poisoning issue. Any URL at all >> (requiring a lookup) is suspect. Only comparing returns from a known >> good name server can confirm if the URL's friendly name is actually >> where your browser will be directed. >> .. > Point taken. > But even before the DNS issue using the Internet involves a certain > amount of trust. Yes, it does. But clicking a link in any spam is asking for trouble sooner or later.
Guest David H. Lipman Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test From: "Twayne" <nobody@devnull.spamcop.net> | Yes, it does. But clicking a link in any spam is asking for trouble | sooner or later. Except this was a legitimate post and was in no way shape or form 'spam'. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest John Posted July 29, 2008 Posted July 29, 2008 Re: DNS Randomness Test "Kayman" <kaymanDeleteThis@operamail.com> wrote in message news:ej54BPV8IHA.1196@TK2MSFTNGP05.phx.gbl... > On Mon, 28 Jul 2008 19:14:07 -0600, Lon wrote: > > <snip> > >> I'd also beware of self appointed security experts who do not recognize >> the site http://www.dns-oarc.net. > > Hey Lon, while we're having so much fun, here is another DNS checker > http://www.doxpara.com/ > (a good tool to double-check the results obtained from > https://www.dns-oarc.net/oarc/services/dnsentropy ) > :-) I'm not sure how these tools work but they seem to automatically "pick" our ISP's DNS IP address to scan. The thing is the IP address doesn't necessarily match the ones I'm using (also belong to my ISP). As an example, I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell me that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are my ISP's DNS servers. I understand that they have multiple addresses (may be hundreds/thousands depending on ISP size). My questions is: Is there a tool that lets us input IP address to scan? Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the tools at dns-oarc.net or doxpara.com) has been patched, they have patched the rest of their DNS servers and therefore it is safe to use any of their DNS? Thanks in advance.
Guest Kayman Posted July 30, 2008 Posted July 30, 2008 Re: DNS Randomness Test On Tue, 29 Jul 2008 13:38:52 -0700, John wrote: > "Kayman" <kaymanDeleteThis@operamail.com> wrote in message > news:ej54BPV8IHA.1196@TK2MSFTNGP05.phx.gbl... >> On Mon, 28 Jul 2008 19:14:07 -0600, Lon wrote: >> >> <snip> >> >>> I'd also beware of self appointed security experts who do not recognize >>> the site http://www.dns-oarc.net. >> >> Hey Lon, while we're having so much fun, here is another DNS checker >> http://www.doxpara.com/ >> (a good tool to double-check the results obtained from >> https://www.dns-oarc.net/oarc/services/dnsentropy ) >> :-) > > I'm not sure how these tools work but they seem to automatically "pick" our > ISP's DNS IP address to scan. Yes, that's seems to be the procedure. > The thing is the IP address doesn't > necessarily match the ones I'm using (also belong to my ISP). As an example, > I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell me > that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are my > ISP's DNS servers. Talk to you Internet Service Provider (ISP); They probably issue dynamic IP addresses. FYI: http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html > I understand that they have multiple addresses (may be hundreds/thousands > depending on ISP size). My questions is: > Is there a tool that lets us input IP address to scan? Don't know, sorry. > Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the tools > at dns-oarc.net or doxpara.com) has been patched, they have patched the rest > of their DNS servers and therefore it is safe to use any of their DNS? I'd assume it's safe; If in doubt talk to the ISP. Let us know their response.
Guest FromTheRafters Posted July 30, 2008 Posted July 30, 2008 Re: DNS Randomness Test "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:OAgv1kb8IHA.4532@TK2MSFTNGP05.phx.gbl... > From: "Twayne" <nobody@devnull.spamcop.net> > > > > | Yes, it does. But clicking a link in any spam is asking for trouble > | sooner or later. > > > Except this was a legitimate post and was in no way shape or form 'spam'. This guy hates spam. To a hammer, everything looks like a nail. :o)
Guest David H. Lipman Posted July 30, 2008 Posted July 30, 2008 Re: DNS Randomness Test From: "FromTheRafters" <erratic@ne.rr.com> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message | news:OAgv1kb8IHA.4532@TK2MSFTNGP05.phx.gbl... >> From: "Twayne" <nobody@devnull.spamcop.net> >> | Yes, it does. But clicking a link in any spam is asking for trouble >> | sooner or later. >> Except this was a legitimate post and was in no way shape or form 'spam'. | This guy hates spam. | To a hammer, everything looks like a nail. :o) :-) -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest FromTheRafters Posted July 30, 2008 Posted July 30, 2008 Re: DNS Randomness Test "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com... > "FromTheRafters" wrote: > >> >> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message >> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com... >> > >> > "FromTheRafters" wrote: >> > >> > >> >> >> >> But how do we know that clicking that link will actually >> >> resolve to that (considering the topic) legitimate site? :O) >> >> >> >> URL's are not dangerous, however the software you run to >> >> access them may well be. >> >> >> >> >> > Those of us who have reached the age of discretion right click on the >> > link, >> > then copy and paste into our browser's address bar. >> >> Which doesn't address the DNS poisoning issue. Any URL at all >> (requiring a lookup) is suspect. Only comparing returns from a known >> good name server can confirm if the URL's friendly name is actually >> where your browser will be directed. >> .. > Point taken. > But even before the DNS issue using the Internet involves a certain amount > of trust. ....and a certain amount of luck. :o) DNS is like the mother of all hosts files and adware/foistware has already shown how useful the name servers can be for increasing overall stickiness.
Guest Hank Arnold (MVP) Posted July 30, 2008 Posted July 30, 2008 Re: DNS Randomness Test FromTheRafters wrote: > "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message > news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com... >> "FromTheRafters" wrote: >> >>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message >>> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com... >>>> "FromTheRafters" wrote: >>>> >>>> >>>>> But how do we know that clicking that link will actually >>>>> resolve to that (considering the topic) legitimate site? :O) >>>>> >>>>> URL's are not dangerous, however the software you run to >>>>> access them may well be. >>>>> >>>>> >>>> Those of us who have reached the age of discretion right click on the >>>> link, >>>> then copy and paste into our browser's address bar. >>> Which doesn't address the DNS poisoning issue. Any URL at all >>> (requiring a lookup) is suspect. Only comparing returns from a known >>> good name server can confirm if the URL's friendly name is actually >>> where your browser will be directed. >>> .. >> Point taken. >> But even before the DNS issue using the Internet involves a certain amount >> of trust. > > ...and a certain amount of luck. :o) > > DNS is like the mother of all hosts files and adware/foistware has > already shown how useful the name servers can be for increasing > overall stickiness. > > You know, I have yet to see a single posting from you that makes any sense..... Welcome to the Kill File (along with this thread.......).... -- Regards, Hank Arnold Microsoft MVP Windows Server - Directory Services
Guest FromTheRafters Posted July 30, 2008 Posted July 30, 2008 Re: DNS Randomness Test "Hank Arnold (MVP)" <rasilon@aol.com> wrote in message news:eWShWym8IHA.1180@TK2MSFTNGP03.phx.gbl... > FromTheRafters wrote: >> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message >> news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com... >>> "FromTheRafters" wrote: >>> >>>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message >>>> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com... >>>>> "FromTheRafters" wrote: >>>>> >>>>> >>>>>> But how do we know that clicking that link will actually >>>>>> resolve to that (considering the topic) legitimate site? :O) >>>>>> >>>>>> URL's are not dangerous, however the software you run to >>>>>> access them may well be. >>>>>> >>>>>> >>>>> Those of us who have reached the age of discretion right click on the >>>>> link, >>>>> then copy and paste into our browser's address bar. >>>> Which doesn't address the DNS poisoning issue. Any URL at all >>>> (requiring a lookup) is suspect. Only comparing returns from a known >>>> good name server can confirm if the URL's friendly name is actually >>>> where your browser will be directed. >>>> .. >>> Point taken. >>> But even before the DNS issue using the Internet involves a certain >>> amount >>> of trust. >> >> ...and a certain amount of luck. :o) >> >> DNS is like the mother of all hosts files and adware/foistware has >> already shown how useful the name servers can be for increasing >> overall stickiness. > > You know, I have yet to see a single posting from you that makes any > sense..... Welcome to the Kill File (along with this thread.......).... Specifically what didn't you understand? I'll try to explain what I meant in any of my previous posts. Killfile me if you want, but there is no need to announce it unless you are trolling.
Guest David H. Lipman Posted July 30, 2008 Posted July 30, 2008 Re: DNS Randomness Test From: "Hank Arnold (MVP)" <rasilon@aol.com> | You know, I have yet to see a single posting from you that makes any | sense..... Welcome to the Kill File (along with this thread.......).... | -- | Regards, | Hank Arnold | Microsoft MVP | Windows Server - Directory Services I don't understand where this came from ??? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest John Posted July 30, 2008 Posted July 30, 2008 Re: DNS Randomness Test "Kayman" <kaymanDeleteThis@operamail.com> wrote in message news:e7K2rkd8IHA.4924@TK2MSFTNGP02.phx.gbl... >> >> I'm not sure how these tools work but they seem to automatically "pick" >> our >> ISP's DNS IP address to scan. > > Yes, that's seems to be the procedure. > >> The thing is the IP address doesn't >> necessarily match the ones I'm using (also belong to my ISP). As an >> example, >> I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell >> me >> that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are >> my >> ISP's DNS servers. > > Talk to you Internet Service Provider (ISP); They probably issue dynamic > IP > addresses. > FYI: > http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html > >> I understand that they have multiple addresses (may be hundreds/thousands >> depending on ISP size). My questions is: >> Is there a tool that lets us input IP address to scan? > > Don't know, sorry. > >> Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the >> tools >> at dns-oarc.net or doxpara.com) has been patched, they have patched the >> rest >> of their DNS servers and therefore it is safe to use any of their DNS? > Thanks Kayman. I use (my ISP) DNS IP addresses as forwarders on my Windows DNS system. I guess what I can do is change the forwarders IP addresses to the ones that have been detected as GOOD. Btw, http://www.dnsstuff.com/ has a DNS vulnerability check too. Also, if you haven't heard, check this out: http://www.networkworld.com/news/2008/073008-dns-attack-writer-a-victim.html > I'd assume it's safe; If in doubt talk to the ISP. > Let us know their response. Contact our ISP? That's a scary thought. I sent them an email last week, asking them if they have fixed DNS flaw. A few days later, I got a reply like this: At this time we have made no changes to our network and we do not plan to make any changes. We actively monitor out network for any security breaches. Shortly before I received the above reply from my ISP, I used DNS check tools from doxpara.com. It says that it's safe (a few days earlier, the report said that my DNS was vulnerable to cache poisoning). I appears to me that my ISP has fixed the problem but a reply from my ISP says otherwise ("we do not plan to make any changes"). Clueless tech support.
Guest Kayman Posted July 31, 2008 Posted July 31, 2008 Re: DNS Randomness Test On Wed, 30 Jul 2008 14:10:49 -0700, John wrote: > "Kayman" <kaymanDeleteThis@operamail.com> wrote in message > news:e7K2rkd8IHA.4924@TK2MSFTNGP02.phx.gbl... >>> >>> I'm not sure how these tools work but they seem to automatically "pick" >>> our >>> ISP's DNS IP address to scan. >> >> Yes, that's seems to be the procedure. >> >>> The thing is the IP address doesn't >>> necessarily match the ones I'm using (also belong to my ISP). As an >>> example, >>> I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell >>> me >>> that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are >>> my >>> ISP's DNS servers. >> >> Talk to you Internet Service Provider (ISP); They probably issue dynamic >> IP >> addresses. >> FYI: >> http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html >> >>> I understand that they have multiple addresses (may be hundreds/thousands >>> depending on ISP size). My questions is: >>> Is there a tool that lets us input IP address to scan? >> >> Don't know, sorry. >> >>> Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the >>> tools >>> at dns-oarc.net or doxpara.com) has been patched, they have patched the >>> rest >>> of their DNS servers and therefore it is safe to use any of their DNS? >> > > Thanks Kayman. I use (my ISP) DNS IP addresses as forwarders on my Windows > DNS system. I guess what I can do is change the forwarders IP addresses to > the ones that have been detected as GOOD. > > Btw, http://www.dnsstuff.com/ has a DNS vulnerability check too. Also, if > you haven't heard, check this out: > http://www.networkworld.com/news/2008/073008-dns-attack-writer-a-victim.html > >> I'd assume it's safe; If in doubt talk to the ISP. >> Let us know their response. > > Contact our ISP? That's a scary thought. I sent them an email last week, > asking them if they have fixed DNS flaw. A few days later, I got a reply > like this: > > At this time we have made no changes to our network and we do not plan to > make any changes. We actively monitor out network for any security breaches. > > Shortly before I received the above reply from my ISP, I used DNS check > tools from doxpara.com. It says that it's safe (a few days earlier, the > report said that my DNS was vulnerable to cache poisoning). I appears to me > that my ISP has fixed the problem but a reply from my ISP says otherwise > ("we do not plan to make any changes"). Clueless tech support. Yes, I would think that your ISP has fixed (or is fixing) the problem. The ("clueless tech support") is probably a temp who may not be versed technically :) Good luck
Guest FromTheRafters Posted July 31, 2008 Posted July 31, 2008 Re: DNS Randomness Test "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%23PLjKFo8IHA.3368@TK2MSFTNGP03.phx.gbl... > From: "Hank Arnold (MVP)" <rasilon@aol.com> > > > | You know, I have yet to see a single posting from you that makes any > | sense..... Welcome to the Kill File (along with this thread.......).... > > | -- > > | Regards, > | Hank Arnold > | Microsoft MVP > | Windows Server - Directory Services > > I don't understand where this came from ??? Me neither, Dave. I understood me perfectly. :o)
Recommended Posts