
SANS ISC: InfoSec Handlers Diary Blog



Updates on DNS Poisoning / Peru Offline / Mailbag and other stories...

Published: 2005-04-05
Last Updated: 2005-04-06 23:49:23 UTC
by Pedro Bueno (Version: 1)

Updates on DNS Poisoning...



A new day has come and, as you may have noticed, we are still at Infocon level Yellow.


Over the last few days we have been observing some interesting developments on the DNS poisoning topic:

- http://isc.sans.org/diary.php?date=2005-04-03

- http://isc.sans.org/diary.php?date=2005-04-04

- http://isc.sans.org/presentations/dnspoisoning.php


One update (thanks, Kyle): according to Microsoft documentation, it appears that Windows 2000 DNS server with SP3+ has the registry key that protects against DNS cache poisoning set by default. We are still trying to validate this information and confirm that this is always the case.





Reference: http://support.microsoft.com/kb/316786/EN-US/
We are researching this, trying to get more details, and will post them here as soon as possible. Stay tuned!




Peru Offline?



One of our readers in Peru sent an interesting story about DNS problems in Peru. According to the news, it looks like all .gob.pe and .com.pe domains were unavailable today in Peru. At this time, we don't have any proof that this could be related to the DNS poisoning topic.

Reference:
http://www.elcomercioperu.com.pe/EdicionImpresa/Html/2005-04-03/impLima0283191.html




Mailbag and other stories...






Thanks to our Finnish reader Juha-Matti, who reminded us that there is life besides DNS poisoning...

Btw, there is a lot of new stuff around.


- Remember MS04-045? Well, it looks like a public exploit is available. Haven't patched yet? Need another reason?

Reference: http://support.microsoft.com/kb/870763




- Sybase ASE Multiple vulnerabilities - NGS Software released an advisory about six security flaws in Sybase Adaptive Server Enterprise. Patches available!

Reference: http://www.ngssoftware.com/advisories/sybase-ase.txt




- Looks like rootkit detectors are now the hot stuff. After the one from Sysinternals and F-Secure BlackLight, SecuriTeam now recommends a new one, called Klister. I didn't test them yet, but if anyone would like to share experiences, feel free to email me.

Reference: http://www.securiteam.com/tools/5GP0315FFW.html


------------------------------------------------------------------

Handler on Duty: Pedro Bueno (pbueno /AT/isc.sans.org)