CERT VU#800113 DNS Cache Poisoning is a big threat

Posted by plattapuss on July 25th, 2008

The latest CERT VU#800113 states that an attacker who can carry out a successful cache poisoning attack can cause a nameserver's clients to contact incorrect and possibly malicious hosts. The result is that web traffic, email, and other network data can be redirected to systems under the attacker's control. So the website you think you are visiting may not in fact be that site.

Why a big threat? It is up to the ISPs of this world to apply patches and properly restrict access to their DNS servers, routers, etc. Unfortunately it would appear that a lot of the ISPs are slow on the uptake in getting this done.

If you would like to see whether your ISP has applied the patches, you can get an idea using this self-test from DNS-OARC:

Yesterday's announcement of CERT VU#800113 makes it clear that resolvers should use random source ports when sending queries. Here at OARC, we've crafted a special DNS name and server that you can query to learn whether or not your own resolver is using random ports. Use a DNS query tool such as dig to ask for the TXT record of porttest.dns-oarc.net:

I am not absolutely sure what the results really mean in terms of level of threat, except to say that one of my providers for my servers, BlueHost, has a standard deviation of over 20,000, which is considered REALLY good. ThePlanet comes back with a FAIR rating and a standard deviation of roughly 3600. 1and1 comes back with VERY good at over 19,000. My local ISP, Videotron, comes back with a POOR rating of about 125. I emailed them to ask for more information. Somehow I doubt I will get much from them on this matter.



Reader Comments

OpenDNS has a GOOD rating:
[server ~] dig @208.67.222.222 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.217.4 is GOOD: 26 queries in 2.4 seconds from 26 ports with std dev 18033.00"
[server ~] dig @208.67.220.220 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.217.6 is GOOD: 26 queries in 2.4 seconds from 26 ports with std dev 18660.62"
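To make the "std dev" figures in the post and in the comment above concrete, here is an added Python example (my own, not DNS-OARC's code) that does two things: it parses porttest TXT answers in the format shown in the comment, and it computes the same kind of statistic over a list of observed source ports so you can see why a resolver reusing sequential ports scores in the low hundreds while one picking ports at random across the 16-bit range scores around 18,000. The sample answers are copied from the comment; the port lists are constructed. I assume OARC's "std dev" is an ordinary population standard deviation of the source port numbers, and the regular expression is my reading of the answer format, not a published grammar.

```python
import re
import random
import statistics

# Answer format as it appears in the comment above (assumed, not a published grammar):
#   "<ip> is <RATING>: <n> queries in <t> seconds from <p> ports with std dev <sd>"
PORTTEST_RE = re.compile(
    r'"?(?P<ip>\d+\.\d+\.\d+\.\d+) is (?P<rating>[A-Z]+): '
    r'(?P<queries>\d+) queries in (?P<seconds>[\d.]+) seconds from '
    r'(?P<ports>\d+) ports with std dev (?P<stddev>[\d.]+)"?'
)

# Copied from the reader comment on this page (dig +short output, quotes straightened).
SAMPLE_ANSWERS = [
    '"208.67.217.4 is GOOD: 26 queries in 2.4 seconds from 26 ports with std dev 18033.00"',
    '"208.67.217.6 is GOOD: 26 queries in 2.4 seconds from 26 ports with std dev 18660.62"',
]


def parse_porttest(txt):
    """Parse one porttest TXT answer into a dict of its fields."""
    m = PORTTEST_RE.search(txt)
    if not m:
        raise ValueError("not a porttest answer: %r" % txt)
    return {
        "ip": m.group("ip"),                 # resolver address as seen by OARC
        "rating": m.group("rating"),         # GOOD / FAIR / POOR as OARC rated it
        "queries": int(m.group("queries")),
        "seconds": float(m.group("seconds")),
        "ports": int(m.group("ports")),      # distinct source ports observed
        "stddev": float(m.group("stddev")),
    }


def port_spread(ports):
    """Summarise a list of observed UDP source ports the way the test does.

    Returns the number of distinct ports and the population standard
    deviation of the port numbers (assumed to be what OARC reports).
    """
    ports = list(ports)
    return {
        "queries": len(ports),
        "ports": len(set(ports)),
        "stddev": statistics.pstdev(ports),
    }


def sequential_ports(start=32768, n=26):
    """Constructed: a resolver that hands out consecutive ports (the weak case)."""
    return list(range(start, start + n))


def random_ports(n=26, seed=1):
    """Constructed: a resolver that picks ports uniformly from 1024..65535.

    For a uniform distribution over that range the expected std dev is
    (65535 - 1024 + 1) / sqrt(12), roughly 18,600, which is the ballpark
    of the GOOD results quoted on this page.
    """
    rng = random.Random(seed)
    return [rng.randint(1024, 65535) for _ in range(n)]


if __name__ == "__main__":
    for answer in SAMPLE_ANSWERS:
        print(parse_porttest(answer))
    print("sequential:", port_spread(sequential_ports()))
    print("random:    ", port_spread(random_ports()))
```

A fixed source port gives 1 distinct port and a std dev of 0; 26 consecutive ports give 26 distinct ports but a std dev of only 7.5, which is why distinct-port count alone is not a useful measure and why the post's POOR result of about 125 indicates a resolver whose ports are far from random.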