topic Re: DNS CACHE POISONING in Operating System - HP-UX

DNS CACHE POISONING

Art Taylor — Mon, 19 Sep 2005 15:53:05 GMT

How can I determine if I am at risk due to dns cache poisoning?

This question is a result of an automated email from the WatchGuard folks in an article warning of this.

Their article warned of "DNS Pharming: Someone's poisoned the water hole!"

Thanks.
Art Taylor

Re: DNS CACHE POISONING

Hakan Aribas — Mon, 19 Sep 2005 16:16:25 GMT

Basically, it is method for an attacker to change the IP address that a hostname resolves to. For instance the hostname www.nasa.gov points to the IP address 208.185.54.47. A DNS cache poisoning attack allows an attacker to change the IP address for a host/domain and point it to a different IP address.

The various UNIX-based DNS servers are not vulnerable to this attack. However, it may be possible to make them insecure through poor
configuration choices.

If your company disable the DNS cache service, you are not at risk any more.

Client workstations that use DNS should never cache DNS information locally. Once the workstation has stored DNS data locally, any process with the ability to access or change that information can trivially redirect services that depend on DNS to other hostnames.

Re: DNS CACHE POISONING

Art Taylor — Mon, 19 Sep 2005 16:34:49 GMT

Hakan,

"...However, it may be possible to make them insecure through poor configuration choices...."
What do I need to look for to determine if I have poor configuration choices?

"...If your company disable the DNS cache service, you are not at risk any more..."
How is this done? Is caching automatic when implementing DNS on HP?

"...Client workstations that use DNS should never cache DNS information locally..."
What would I tell the Windows group to disable?

Thank you in advance.
Art Taylor

Re: DNS CACHE POISONING

Art Taylor — Wed, 21 Sep 2005 08:16:13 GMT

Answer was sufficient.