DNS Inkblot test


So Donna thinks that PC World is a victim of DNS Cache Poisoning.

What is the attack here? pcworld.com DNS resolves to 70.42.185.10, which according to an IPWHOIS is their IP address.

So what if removespyware.ru resolves to the same address? Unless they can modify the routing, I don't see what they've accomplished other than getting Donna to add the IP to the Outpost firewall blacklist while invoking the name Dan Kaminsky.

If a site "malware.r.us" has a reputation for serving malware, and they change their DNS to resolve that URL to my website, why should my website be blocked? The biggest security problem here is the denial of service instigated by the Outpost personal firewall against an innocent website.

I guess when you're looking for a DNS cache poisoning attack, everything looks like a DNS cache poisoning attack.
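The two checks implied above, as an added example that is not part of the original post: whether the victim's own name resolves outside its known addresses (the actual sign of cache poisoning), and whether an IP can be blocked without hitting a bystander site. The resolver labels, the 203.0.113.66 answer, and the function names are constructed for illustration.

```python
# Added illustration; resolver labels and the 203.0.113.66 answer are constructed.
from collections import defaultdict

def poisoning_evidence(name, expected_ips, observations):
    """Resolvers whose answer for `name` falls outside the owner's known IPs.

    observations: iterable of (resolver, queried_name, answer_ip).
    Cache poisoning shows up here: the victim's own name gets a wrong answer.
    """
    return sorted({r for r, n, ip in observations
                   if n == name and ip not in expected_ips})

def block_targets(bad_names, observations):
    """Turn name reputation into firewall targets without hitting bystanders.

    A bad name is always blocked by name. Its IP is blocked only when no
    name outside `bad_names` was seen resolving to that same IP.
    """
    names_by_ip = defaultdict(set)
    for _resolver, name, ip in observations:
        names_by_ip[ip].add(name)
    block_ips, shared = set(), {}
    for ip, names in names_by_ip.items():
        if names & bad_names:
            bystanders = names - bad_names
            if bystanders:
                shared[ip] = sorted(bystanders)  # blocking this IP harms them
            else:
                block_ips.add(ip)
    return {"names": sorted(bad_names), "ips": sorted(block_ips), "shared": shared}

# The situation in the post: both names resolve to PC World's own address.
POST_CASE = [
    ("resolver-a", "pcworld.com", "70.42.185.10"),
    ("resolver-b", "pcworld.com", "70.42.185.10"),
    ("resolver-a", "removespyware.ru", "70.42.185.10"),
]
# Constructed contrast: one cache returns a foreign address for pcworld.com.
POISONED_CASE = POST_CASE[:1] + [("resolver-b", "pcworld.com", "203.0.113.66")]

if __name__ == "__main__":
    expected = {"70.42.185.10"}
    print(poisoning_evidence("pcworld.com", expected, POST_CASE))
    print(poisoning_evidence("pcworld.com", expected, POISONED_CASE))
    print(block_targets({"removespyware.ru"}, POST_CASE))
```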


About this Entry

This page contains a single entry by Roger published on July 20, 2008 1:25 PM.
