• NEW! LOWEST RATES EVER -- SUPPORT THE SHOW AND ENJOY THE VERY BEST PREMIUM PARACAST EXPERIENCE! Welcome to The Paracast+, 11 years young! For a low subscription fee, you can download the ad-free version of The Paracast and the exclusive, member-only, After The Paracast bonus podcast, featuring color commentary, exclusive interviews, the continuation of interviews that began on the main episode of The Paracast. We also offer lifetime memberships! Flash! Take advantage of our lowest rates ever! Act now! It's easier than ever to susbcribe! You can sign up right here!

    Subscribe to The Paracast Newsletter!

"DNS Cache Poisoning"

Forums New posts

Free episodes:

musictomyears said:
Hiya,

Has anybody here (Gene?) got any experience/advice concerning the following:


http://abcnews.go.com/Technology/AheadoftheCurve/Story?id=5489156&page =3

http://www.doxpara.com/

https://www.opendns.com/start?computer

According to doxpara.com, my "name server, at xxx.xxx.xx.xx, appears vulnerable to DNS Cache Poisoning." (I'm on OS X.5.4).
Click to expand...

Apple released a Security Update on the evening of July 31st for users of Mac OS 10.5 in order patch this issue. You should also consider using OpenDNS.com instead of an ISP's own name servers.
 
Thanks much, Gene, I wasn't aware of the update. The release notes seem to suggest that the update fixes the problem:

"systems that rely on the BIND server for DNS may receive forged information. This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks."

http://support.apple.com/kb/HT2647

Would you still consider it advisable to go through OpenDNS.com? Have you tried this?
 
musictomyears said:
Thanks much, Gene, I wasn't aware of the update. The release notes seem to suggest that the update fixes the problem:

"systems that rely on the BIND server for DNS may receive forged information. This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks."

http://support.apple.com/kb/HT2647

Would you still consider it advisable to go through OpenDNS.com? Have you tried this?
Click to expand...
Are you running your own nameserver? Just curious, because this would otherwise only impact your ISP.
 
TBH, I haven't got a clue what a nameserver is or does! :redface:

But I can tell you my set-up: Telephone line - ADSL modem - Airport Express - Mac Pro and MBP.
 
Come on you clever people, what is a "nameserver"? I tried to look it up, but all I found was tech gibberish. Can someone please explain it with a few words, and importantly, do I have one, hidden within my humble set-up?
 
I installed the update, but the test at doxpara.com still gives me the same result. I wonder why..?

BTW, I think it's rather important that we all know about this sort of thing, whether we are PC or Mac users. And yes, I also know about the macnightowl - that's how I got here in the first place! :)
 
musictomyears said:
I installed the update, but the test at doxpara.com still gives me the same result. I wonder why..?

BTW, I think it's rather important that we all know about this sort of thing, whether we are PC or Mac users. And yes, I also know about the macnightowl - that's how I got here in the first place! :)
Click to expand...
Because it has nothing to do with your Mac. It's your ISP's nameserver. A nameserver is basically a translation computer that converts the name of the site you specify, such as www.theparacast.com, to its IP number, which in this case is 69.93.156.214.

As to your DNS problem, well, the only solution for you, other than waiting for your ISP to fix the problem, is to go to www.opendns.com, follow the simple instructions and use their DNS servers. You'll get slightly speedier performance, and freedom from the bug.

I've used them for quite a while. I have it set on my MacBook Pro, so I can use it on the road, and on my router, so any connection made from my home office goes through their servers.
 
OK Gene, I'll try opendns.com. Thanks for the explanation.

One more question: What does the Security Update do? Does it actually mitigate the problem in any way? The release notes appear to say so.
 
Thanks Gene, much appreciated. There is one thing I forgot to ask: I remember reading a comment, saying only non-secure web sites can be subject to these DNS Poisoning attacks. Is this correct?

I can imagine a lot of people would want to know more about this. Personally, I now wonder if I should contact my ISP.

How about an article for the macnightowl? :)
 
musictomyears said:
Thanks Gene, much appreciated. There is one thing I forgot to ask: I remember reading a comment, saying only non-secure web sites can be subject to these DNS Poisoning attacks. Is this correct?

I can imagine a lot of people would want to know more about this. Personally, I now wonder if I should contact my ISP.

How about an article for the macnightowl? :)
Click to expand...
This particular bug can result in a request for a site to be diverted to the fake site, a sort of phishing scam. The fix makes that difficult if not impossible.
 
Back
Top