DNS cache poisoning
in [Viruses]
|
From: ~BD~ on 23 Jun 2010 06:41 I've read the item here http://en.wikipedia.org/wiki/DNS_cache_poisoning where it states "A user whose computer has referenced the poisoned DNS server would be tricked into accepting content coming from a non-authentic server and unknowingly download malicious content." I had thought that DNS poisoning related to my NAT router, not an ISP as mentioned! Perhaps I have again misunderstood something! Can a private server, like Eternal-September or Dogagent.com, be considered to be DNS servers when connecting to them to read newsgroups? I had thought that DNS poisoning related to my NAT router, not an ISP as mentioned! Some guidance on exactly *how* an end user can be /captured/ and directed to 'spoof' websites in this manner will be welcomed. Might it be achieved by simply visiting a specific URL for instance? -- Dave
From: David H. Lipman on 23 Jun 2010 06:47 From: "~BD~" <BoaterDave.(a)hotmail.co.uk> | I've read the item here http://en.wikipedia.org/wiki/DNS_cache_poisoning | where it states "A user whose computer has referenced the poisoned DNS | server would be tricked into accepting content coming from a | non-authentic server and unknowingly download malicious content." | I had thought that DNS poisoning related to my NAT router, not an ISP as | mentioned! Perhaps I have again misunderstood something! | Can a private server, like Eternal-September or Dogagent.com, be | considered to be DNS servers when connecting to them to read newsgroups? | I had thought that DNS poisoning related to my NAT router, not an ISP as | mentioned! | Some guidance on exactly *how* an end user can be /captured/ and | directed to 'spoof' websites in this manner will be welcomed. Might it | be achieved by simply visiting a specific URL for instance? NO ! NNTP servers do NOT act as a DNS servers. Please READ the URL you posted... "To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software." -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: "FromTheRafters" erratic on 23 Jun 2010 11:45 "~BD~" <BoaterDave.(a)hotmail.co.uk> wrote in message news:hvsoi8$9h2$1(a)news.eternal-september.org... > I've read the item here http://en.wikipedia.org/wiki/DNS_cache_poisoning [...] > I had thought that DNS poisoning related to my NAT router, not an ISP as > mentioned! Perhaps I have again misunderstood something! DNS as it applies to routers, maybe you are thinking of DNS primary and secondary server settings? Maybe this will interest you: http://blogs.techrepublic.com.com/networking/?p=774
From: ~BD~ on 23 Jun 2010 13:53 "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:hvta6g$6ce$1(a)news.eternal-september.org... > "~BD~" <BoaterDave.(a)hotmail.co.uk> wrote in message > news:hvsoi8$9h2$1(a)news.eternal-september.org... > >> I've read the item here >> http://en.wikipedia.org/wiki/DNS_cache_poisoning > > [...] > >> I had thought that DNS poisoning related to my NAT router, not an ISP >> as mentioned! Perhaps I have again misunderstood something! > > DNS as it applies to routers, maybe you are thinking of DNS primary > and secondary server settings? > > Maybe this will interest you: > > http://blogs.techrepublic.com.com/networking/?p=774 Thank you, FTR ;-) I still have much to learn! -- Dave
From: ~BD~ on 23 Jun 2010 18:01
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:hvsool0oc3(a)news1.newsguy.com... > From: "~BD~" <BoaterDave.(a)hotmail.co.uk> > > | I've read the item here > http://en.wikipedia.org/wiki/DNS_cache_poisoning > > | where it states "A user whose computer has referenced the poisoned > DNS > | server would be tricked into accepting content coming from a > | non-authentic server and unknowingly download malicious content." > > | I had thought that DNS poisoning related to my NAT router, not an > ISP as > | mentioned! Perhaps I have again misunderstood something! > > | Can a private server, like Eternal-September or Dogagent.com, be > | considered to be DNS servers when connecting to them to read > newsgroups? > > | I had thought that DNS poisoning related to my NAT router, not an > ISP as > | mentioned! > > | Some guidance on exactly *how* an end user can be /captured/ and > | directed to 'spoof' websites in this manner will be welcomed. Might > it > | be achieved by simply visiting a specific URL for instance? > > NO ! > NNTP servers do NOT act as a DNS servers. > > Please READ the URL you posted... > "To perform a cache poisoning attack, the attacker exploits a flaw in > the DNS software." I'll try to study things in more depth, perhaps when I'm at home again! David, whilst I'm here, can you reach a website called www.uniblue.com If you can, using your industry knowledge would you please provide a view on the authenticity of same? TIA. -- Dave BD |