
You can check it by going to the page built by Mr Kaminsky, www.doxpara.com, and clicking on “Check my DNS”.

I checked mine and learnt that it's not safe. My service provider is Airtel. Here is what I got:

Your name server, at 202.56.215.76, appears vulnerable to DNS Cache Poisoning.

All requests came from the following source port: 53541

Due to events outside our control, details of the vulnerability have been leaked. Please consider using a safe DNS server, such as OpenDNS. Note: Comcast users should not worry.


Requests seen for 41ec59db53bf.doxdns5.com:
202.56.215.76:53541 TXID=39666
202.56.215.76:53541 TXID=36131
202.56.215.76:53541 TXID=33110
202.56.215.76:53541 TXID=8581
202.56.215.76:53541 TXID=58442

What is the DNS vulnerability all about?

The vulnerability lies in the DNS servers that companies use to access the internet and handle email. DNS is used by every computer that connects to the internet and works much like a telephone system routing calls to the proper numbers, in this case the numerical addresses of websites. We usually end up using the DNS server of our ISP. The vulnerability allows “cache poisoning” attacks, which tamper with the data held in the caches of the servers that direct internet traffic to its destination. The flaw has existed since 1983 and may well have been exploited without victims noticing. The vulnerability also lets hackers hijack emails and supposedly secure online transactions.

How can we plug this vulnerability?

At the ISP level, providers need to apply patches so that their customers are safe. But this threat was announced in July 2008, and if your ISP has not patched so far, chances are it will not fix the problem at all.

Thus, at the consumer level, if Doxpara tells you that your ISP's DNS is vulnerable, stop using your ISP's DNS and switch to OpenDNS.com.
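The check behind the output quoted above can be reproduced offline. This added example (not code from doxpara.com or from the original post) parses lines in that format and reports whether the resolver reused a single source port, which leaves the 16-bit TXID as the only value a forged reply has to match; the function names and the second, constructed sample are assumptions made for illustration.

```python
import re

# Checker output quoted on this page.
PAGE_SAMPLE = """\
202.56.215.76:53541 TXID=39666
202.56.215.76:53541 TXID=36131
202.56.215.76:53541 TXID=33110
202.56.215.76:53541 TXID=8581
202.56.215.76:53541 TXID=58442
"""
# Constructed sample (not from the page): a resolver that varies its source port.
PATCHED_SAMPLE = """\
192.0.2.53:41822 TXID=1207
192.0.2.53:10533 TXID=60412
192.0.2.53:57209 TXID=23398
192.0.2.53:28641 TXID=4951
192.0.2.53:33017 TXID=47760
"""
LINE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})$")

def parse_queries(text):
    """Return (ip, port, txid) tuples; lines in any other format are skipped."""
    queries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        port, txid = int(m.group(2)), int(m.group(3))
        if port <= 0xFFFF and txid <= 0xFFFF:
            queries.append((m.group(1), port, txid))
    return queries

def assess(queries):
    """Summarise how much of each outgoing query an off-path party cannot see."""
    if len(queries) < 3:
        raise ValueError("need at least three observed queries")
    ports = {port for _, port, _ in queries}
    txids = [txid for _, _, txid in queries]
    # A constant step between consecutive TXIDs means the next one is predictable.
    strides = {(b - a) % 0x10000 for a, b in zip(txids, txids[1:])}
    fixed_port = len(ports) == 1
    predictable_txid = len(strides) == 1
    # Upper bound: 16 bits for the TXID plus at most 16 bits for a varying port.
    bits = (0 if predictable_txid else 16) + (0 if fixed_port else 16)
    verdict = "weak" if fixed_port or predictable_txid else "ok"
    return {"distinct_ports": len(ports), "fixed_port": fixed_port,
            "predictable_txid": predictable_txid,
            "max_unknown_bits": bits, "verdict": verdict}
```

Five queries are enough to spot a fixed port, but too few to judge how wide a randomized port range really is, so `max_unknown_bits` is an upper bound rather than a measurement.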

Issues for discussion

a. In the Indian context, do you think this threat is as real or dangerous as it is made out to be?

b. Why are the Indian service providers not fixing it? (Airtel, at least, still has not fixed it.)

c. What is the downside of using OpenDNS.com? Will it have a slowdown effect?

Do share whether your ISP’s DNS is safe.

To learn more, read:

http://www.news.com.au/dailytelegraph/story/0,22049,24141990-5001028,00.html

http://www.doxpara.com/