Is your internet service provider using a safe DNS?
You can check it by going to the page built by Mr Kaminsky, www.doxpara.com, and clicking on “Check my DNS”.
I checked mine and learnt that it’s not safe. My service provider is Airtel. Here is what I got:
Your name server, at 202.56.215.76, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 53541
Due to events outside our control, details of the vulnerability have been leaked. Please consider using a safe DNS server, such as OpenDNS. Note: Comcast users should not worry.
Requests seen for 41ec59db53bf.doxdns5.com:
202.56.215.76:53541 TXID=39666
202.56.215.76:53541 TXID=36131
202.56.215.76:53541 TXID=33110
202.56.215.76:53541 TXID=8581
202.56.215.76:53541 TXID=58442
What is DNS vulnerability all about?
The vulnerability lies in the DNS servers that companies use to access the internet and handle email. DNS is used by every computer that connects to the internet and works much like a telephone system routing calls to the proper numbers, in this case the numerical addresses of websites. We usually end up using the DNS of our ISP. The vulnerability allows “cache poisoning” attacks that tamper with the data stored in the memory caches that relay internet traffic to its destination. The flaw has existed since 1983 and may well have been exploited without victims noticing. The vulnerability also lets hackers hijack emails and supposedly secure online transactions.
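The report quoted earlier shows all five queries leaving from one source port, which leaves only the 16-bit TXID for a spoofed reply to match. The added example below (not Doxpara's code and not part of the original post) parses report lines in that format and classifies the resolver's source-port behaviour; the function names, the `NARROW_SPREAD` threshold and the second sample report are assumptions made for illustration.

```python
import re

# Matches the per-query lines of the report, e.g. "202.56.215.76:53541 TXID=39666".
QUERY_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})$")
NARROW_SPREAD = 1024  # assumed threshold: ports this close together are easy to predict

def parse_queries(report):
    """Return (resolver_ip, source_port, txid) for every query line in the report."""
    queries = []
    for line in report.splitlines():
        m = QUERY_RE.match(line.strip())
        if m:
            queries.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return queries

def assess(report):
    """Classify source-port behaviour; a handful of samples cannot prove randomness."""
    queries = parse_queries(report)
    if not queries:
        raise ValueError("no 'IP:port TXID=n' lines found in report")
    ports = [port for _, port, _ in queries]
    spread = max(ports) - min(ports)
    if len(set(ports)) == 1:
        verdict = "fixed source port"   # only the TXID protects each query
    elif spread < NARROW_SPREAD:
        verdict = "narrow port range"   # ports change but stay predictable
    else:
        verdict = "ports vary"
    return {"queries": len(queries), "distinct_ports": len(set(ports)),
            "distinct_txids": len({t for _, _, t in queries}),
            "port_spread": spread, "verdict": verdict}

# Query lines copied from the report quoted on this page.
PAGE_REPORT = """All requests came from the following source port: 53541
Requests seen for 41ec59db53bf.doxdns5.com:
202.56.215.76:53541 TXID=39666
202.56.215.76:53541 TXID=36131
202.56.215.76:53541 TXID=33110
202.56.215.76:53541 TXID=8581
202.56.215.76:53541 TXID=58442"""

# Constructed sample (documentation address 192.0.2.53) with varying ports.
CONSTRUCTED_REPORT = """192.0.2.53:40112 TXID=1201
192.0.2.53:1893 TXID=50544
192.0.2.53:61205 TXID=977
192.0.2.53:27744 TXID=33018
192.0.2.53:50931 TXID=64002"""

if __name__ == "__main__":
    for name, report in (("page", PAGE_REPORT), ("constructed", CONSTRUCTED_REPORT)):
        print(name, assess(report))
```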
How can we plug this vulnerability?
At the ISP level, providers need to apply patches so that their customers are safe. But this threat was announced in July 2008, and if your ISP has not patched so far, chances are it will not fix it at all.
Thus, at the consumer level, if Doxpara tells you that your ISP’s DNS is vulnerable, stop using your ISP’s DNS and switch to OpenDNS.com.
a. In the Indian context, do you think this threat is as real or dangerous as it is made out to be?
b. Why are the Indian service providers not fixing it? (At least Airtel still has not fixed it.)
c. What is the downside of using OpenDNS.com? Will it have a slowdown effect?
Do share whether your ISP’s DNS is safe.
To learn more, read:
http://www.news.com.au/dailytelegraph/story/0,22049,24141990-5001028,00.html
August 12, 2008 at 4:24 pm
When I click on “Check DNS” it gives me address not found in the area below the button. Happened to me when I tried from home as well as from office.
August 12, 2008 at 7:00 pm
>> When I click on “Check DNS” it gives me address not found in the area below the button. Happened to me when I tried from home as well as from office.
That’s surprising! I believe you are also on Airtel. So you should have also got similar or at least some result. Try again tomorrow 😉
August 12, 2008 at 7:04 pm
Checked our leased line by TATA Communications Internet Services Ltd. That’s also vulnerable….. See below.
Your name server, at 203.196.128.4, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 54762
Due to events outside our control, details of the vulnerability have been leaked. Please consider using a safe DNS server, such as OpenDNS. Note: Comcast users should not worry.
Requests seen for 3814e25e1d46.doxdns5.com:
203.196.128.4:54762 TXID=26959
203.196.128.4:54762 TXID=56024
203.196.128.4:54762 TXID=60878
203.196.128.4:54762 TXID=39311
203.196.128.4:54762 TXID=55874