On Mon, Mar 07, 2005 at 11:38:53AM +0000, Ketil Froyn said something to the effect of:
On Sat, 2005-03-05 at 14:43 -0800, william(at)elan.net wrote:
Global DNS cache poisoning attack?; Update...
It's a bit frustrating that problems this old and well-known can actually be used to cause damage.
Uh...see tcp ports 135 through 139, and give thought to smtp as a protocol. And I hear the water is lovely in nis, nfs, and rpc this time of year... ;P
The easiest way to check if you are vulnerable to DNS poisoning is to try to poison yourself. Try my "poison yourself" page here:
Nice, handy resource. What's up with the patching problems, btw? whee, --ra -- k. rachael treu, CISSP rara@navigo.com ..quis custodiet ipsos custodes?..
It tries to redirect www.example.com to a fake IP (the same one as I host my website on), where I have a virtualhost for www.example.com with a plain html page. It'll tell you if you were poisoned.
Cheers, Ketil Froyn