Most of the vendors have released patches/upgrades for the DNS Cache
Poisoning attack.So the best approach is to patch/upgrade the
vulnerable devices.
Thanks,
Aditya Govind Mukadam
On Fri, Jul 18, 2008 at 7:14 AM, Michael Rash <mbr (at) cipherdyne (dot) org [email concealed]> wrote:
> In addition to detection, how about prevention? There is a an easy way
> to thwart the attack (most likely) for those DNS servers that are deployed
> on (or behind) either Linux or OpenBSD without patching the DNS server
> (which is preferrable of course, but not everyone can):
>
> http://www.cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-at
tacks-with-iptables.html
> http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.h
tml
>
> --Mike
>
>
> On Jul 17, 2008, Joel Esler wrote:
>
>> There are Shared Object rules available for the DNS Cache Poisoning attack
>> that are VRT certified available via subscription at www.snort.org.
>>
>> J
>>
>> On Jul 16, 2008, at 10:38 PM, Ravi Chunduru wrote:
>>
>>> Does anybody have snort or Intrupro-IPS signature(s) to detect DNS
>>> Cache Poisoning attack?
>>> Also, is there any PoC to simulate the attack and test the
>>> effectiveness of signature(s)?
>>>
>>> thanks
>>> Ravi
>>>
>>> ------------------------------------------------------------------------
>>> Test Your IDS
>>>
>>> Is your IDS deployed correctly?
>>> Find out quickly and easily by testing it
>>> with real-world attacks from CORE IMPACT.
>>> Go to
>>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
>>> to learn more.
>>> ------------------------------------------------------------------------
>> Test Your IDS
>>
>> Is your IDS deployed correctly?
>> Find out quickly and easily by testing itwith real-world attacks from CORE
>> IMPACT.
>> Go to
>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfwto
>> learn more.
>> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
Poisoning attack.So the best approach is to patch/upgrade the
vulnerable devices.
Thanks,
Aditya Govind Mukadam
On Fri, Jul 18, 2008 at 7:14 AM, Michael Rash <mbr (at) cipherdyne (dot) org [email concealed]> wrote:
> In addition to detection, how about prevention? There is a an easy way
> to thwart the attack (most likely) for those DNS servers that are deployed
> on (or behind) either Linux or OpenBSD without patching the DNS server
> (which is preferrable of course, but not everyone can):
>
> http://www.cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-at
tacks-with-iptables.html
> http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.h
tml
>
> --Mike
>
>
> On Jul 17, 2008, Joel Esler wrote:
>
>> There are Shared Object rules available for the DNS Cache Poisoning attack
>> that are VRT certified available via subscription at www.snort.org.
>>
>> J
>>
>> On Jul 16, 2008, at 10:38 PM, Ravi Chunduru wrote:
>>
>>> Does anybody have snort or Intrupro-IPS signature(s) to detect DNS
>>> Cache Poisoning attack?
>>> Also, is there any PoC to simulate the attack and test the
>>> effectiveness of signature(s)?
>>>
>>> thanks
>>> Ravi
>>>
>>> ------------------------------------------------------------------------
>>> Test Your IDS
>>>
>>> Is your IDS deployed correctly?
>>> Find out quickly and easily by testing it
>>> with real-world attacks from CORE IMPACT.
>>> Go to
>>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
>>> to learn more.
>>> ------------------------------------------------------------------------
>>>
>>
>>
>> ------------------------------------------------------------------------
>> Test Your IDS
>>
>> Is your IDS deployed correctly?
>> Find out quickly and easily by testing itwith real-world attacks from CORE
>> IMPACT.
>> Go to
>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfwto
>> learn more.
>> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
[ reply ]