Jump to content
xisto Community
NilsC

Dns Warns Of Pharming Attacks APR 4, 2005-- ARTICLE ID: 5520

Recommended Posts

DNS is a global network of computers that translates requests for reader-friendly Web domains, such as http://www.computerworld.com/, into the numeric IP addresses that machines on the Internet use to communicate.
The latest attacks use a strategy called DNS cache poisoning, in which malicious hackers use a DNS server they control to feed erroneous information to other DNS servers. The attacks take advantage of a vulnerable feature of DNS that allows any DNS server that receives a request about the IP address of a Web domain to return information about the address of other Web domains.


The whole story is here so be careful when you are browsing, "Pharming" is becomming more and more common.

Info World Article on Pharming.

Nils

Share this post


Link to post
Share on other sites

Nah a lot different, the problem with the google thing was that google.com was parked to that account, wouldnt go anywhere, wouldnt spread, just a piece of nonsence, the hosts file then picked up the wrong IP, it sounds like its the same thing, it probably could be but it wouldnt go further than that sites viewers.

Share this post


Link to post
Share on other sites

I posted some info about this some time back..... It's really worrying that we dont have to do anything now...Dunno how far this would go.

Share this post


Link to post
Share on other sites

The pharmers, phisers and scammers are getting smarter, the problem with a poisoned DNS server may change the way DNS servers are setup and talk to each other. If it get out of hand DNS servers will have to be registered and you have to manually use a handshake protocol to link up with the next DNS server upstream or downstream from from you and a group of servers may have to be setup as the authorative NS cops. How this will be done or work, I'm not smart enough to figure out... :P I would think it has to be a subset of the Authorative name servers so that new nameservers has to register with them and setup some form of login, then a rogue nameserver can't just inject new data into neighboring nameservers. New nameservers can only receive data from registered nameservers but not transmit changes until it's registerd and verified.just my $0.02Nils

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.