There's been some chatter about DNS web cache poisoning lately. It's a
well-known vulnerability with BIND 8-based DNS servers and DNS clients. I
didn't pay much attention to the chatter, but maybe it came up because black
hats are starting to actually exploit the vulnerabilities?
More here:
http://www.securityfocus.com/guest/17905
and
http://www.cisco.com/en/US/about/ac123/ac147/current_issue/dnssec.html
Priscilla
PADGETT.LYNNE wrote:
>
> Just wondering if any of you guys have run into this situation
> in the
> past couple of days. When web browsing to random sites (so far
> it has
> affected delta.com, cnn.com, google.com, aa.com --just to name
> a few),
> we are being redirected to the myfamily.com website. Doing
> nslookups
> resolves the name to the proper IP address, but you are unable
> to browse
> to the site. It's like a bogus page is placed in front of your
> true
> destination. After about 3-5 minutes you are able to access
> the site
> again.
>
> We use and internal DNS server for outside queries. As a
> process of
> elmination excercise, in an effort to determine the source of
> the
> problem, I changed a couple of my PCs to resolve to a DNS
> server on the
> outside of our network. When I do this, the PCs on the outside
> are able
> to get to the sites that the internal DNS server is having a
> problem
> with, while the one that gets its DNS from our internal server
> is not.
> I suspect that our DNS server has been compromised, but was
> wondering if
> any of you have run into a similar problem.
>
> TIA,
>
> Lynne
>
>
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=91760&t=91734
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
