Is your internet service provider using a safe DNS?

You can check it by going to the page built by Mr Kaminsky, www.doxpara.com, and clicking on “Check my DNS”.

I checked mine and learnt that it's not safe. My service provider is Airtel. Here is what I got:

Your name server, at 202.56.215.76, appears vulnerable to DNS Cache Poisoning.

All requests came from the following source port: 53541

Due to events outside our control, details of the vulnerability have been leaked. Please consider using a safe DNS server, such as OpenDNS. Note: Comcast users should not worry.


Requests seen for 41ec59db53bf.doxdns5.com:
202.56.215.76:53541 TXID=39666
202.56.215.76:53541 TXID=36131
202.56.215.76:53541 TXID=33110
202.56.215.76:53541 TXID=8581
202.56.215.76:53541 TXID=58442

What is DNS vulnerability all about?

The vulnerability lies in the servers that companies use to access the internet and handle email. DNS is used by every computer that connects to the internet and works much like a telephone system routing calls to the proper numbers, in this case the numerical online addresses of websites. We usually end up using the DNS of our ISP. The vulnerability allows “cache poisoning” attacks, which tamper with the data held in the memory caches that relay internet traffic to its destination. The flaw has existed since 1983 and may well have been exploited without victims noticing. The vulnerability also lets hackers hijack emails and supposedly secure online transactions.
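The check result quoted earlier can be read mechanically: every query came from one source port, so only the 16-bit TXID changed between requests. The following is an added example, not code from Doxpara or from this post; the function names are hypothetical and the second sample is constructed for comparison.

```python
import re
from collections import defaultdict

# One query line of the checker output, e.g. "202.56.215.76:53541 TXID=39666"
LINE_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})\s*$")

def parse_requests(report):
    """Return {resolver_ip: [(source_port, txid), ...]}; other lines are skipped."""
    seen = defaultdict(list)
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m and int(m.group(2)) <= 65535 and int(m.group(3)) <= 65535:
            seen[m.group(1)].append((int(m.group(2)), int(m.group(3))))
    return dict(seen)

def assess(queries, min_samples=5):
    """Classify a resolver's source-port behaviour (hypothetical helper)."""
    ports = [port for port, _ in queries]
    if len(ports) < min_samples:
        return "insufficient data"
    if len(set(ports)) == 1:
        return "fixed source port"        # only the 16-bit TXID varies
    if len({b - a for a, b in zip(ports, ports[1:])}) == 1:
        return "sequential source ports"  # changes, but predictably
    return "source ports vary"

def verdicts(report):
    return {ip: assess(q) for ip, q in parse_requests(report).items()}

# Output quoted in the post for the Airtel resolver.
QUOTED = """Requests seen for 41ec59db53bf.doxdns5.com:
202.56.215.76:53541 TXID=39666
202.56.215.76:53541 TXID=36131
202.56.215.76:53541 TXID=33110
202.56.215.76:53541 TXID=8581
202.56.215.76:53541 TXID=58442
"""
# Constructed sample (documentation address): a resolver that varies its ports.
CONSTRUCTED = """Requests seen for test.example:
192.0.2.53:41873 TXID=1203
192.0.2.53:10922 TXID=64011
192.0.2.53:58310 TXID=27750
192.0.2.53:23477 TXID=9
192.0.2.53:33019 TXID=45102
"""

if __name__ == "__main__":
    for label, report in (("quoted", QUOTED), ("constructed", CONSTRUCTED)):
        print(label, verdicts(report))
```

Five samples are enough to spot a fixed or counting port, but a "source ports vary" verdict on so few queries does not measure how large the port pool is.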

How can we plug this vulnerability?

At the ISP level, providers need to apply patches so that their customers are safe. But this threat was announced in July 2008, and if your ISP has not patched so far, then chances are they will not fix it at all.

Thus, at the consumer level, if Doxpara tells you that your ISP's DNS is vulnerable, stop using your ISP's DNS and switch to OpenDNS.com.

Issues for discussion

a. In the Indian context, do you think this threat is as real or dangerous as it is made out to be?

b. Why are the Indian service providers not fixing it? (At least Airtel still has not fixed it.)

c. What is the downside of using OpenDNS.com? Will it have a slowdown effect?

Do share whether your ISP’s DNS is safe.

To learn more, read:

http://www.news.com.au/dailytelegraph/story/0,22049,24141990-5001028,00.html

http://www.doxpara.com/


  1. When I click on “Check DNS” it gives me address not found in the area below the button. Happened to me when I tried from home as well as from office.

  2. aseemsood

    >> When I click on “Check DNS” it gives me address not found in the area below the button. Happened to me when I tried from home as well as from office.

    That's surprising! I believe you are also on Airtel. So you should have also got similar or at least some result. Try again tomorrow 😉

  3. aseemsood

    Checked our leased line by TATA Communications Internet Services Ltd. That’s also vulnerable….. See below.

    Your name server, at 203.196.128.4, appears vulnerable to DNS Cache Poisoning.
    All requests came from the following source port: 54762

    Due to events outside our control, details of the vulnerability have been leaked. Please consider using a safe DNS server, such as OpenDNS. Note: Comcast users should not worry.

    Requests seen for 3814e25e1d46.doxdns5.com:
    203.196.128.4:54762 TXID=26959
    203.196.128.4:54762 TXID=56024
    203.196.128.4:54762 TXID=60878
    203.196.128.4:54762 TXID=39311
    203.196.128.4:54762 TXID=55874



