From: Panda Oxygen3 24h-365d wrote:

"Truth will rise above falsehood as oil above water."
Miguel de Cervantes Saavedra (1547-1616). Spanish writer.

- DNS Cache Poisoning Attacks -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 11, 2005 - "@RISK" (the SANS community's consensus bulletin) has reported a problem in the default configuration of the DNS servers in the DNS system in Windows NT and Windows 2000 (prior to SP3). Other configurations are also reportedly vulnerable and being studied.

SANS Internet Storm Center (ISC) has been actively analyzing reports of large-scale DNS cache poisoning attacks. By carrying out this type of attack, the attacker can redirect traffic for legitimate domains (for example, windowsupdate.com) to an IP address controlled by the attacker.

The attacks have been used to redirect popular domains belonging to certain financial, entertainment, travel, health and software companies to the attackers' servers in order to install malware on users' systems.

Microsoft has published an article, KB241352, that describes how to configure a registry key on Windows 2000 (prior to SP3) and NT 4.0 (SP4 and later) to harden a DNS server's configuration. It is recommendable to upgrade to version 9.x in order to forward DNS servers running BIND. It is also recommendable to upgrade to Windows 2000 (SP3 or later) and Windows 2003 for Windows DNS servers, as these versions offer protection against cache poisoning attacks in their default configuration.

More information at
http://isc.sans.org/presentations/dnspoisoning.php
and at
http://support.microsoft.com/default.aspx?scid=kb;en-us;241352

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.

------------------------------------------------------------
The 5 most frequently detected viruses by Panda ActiveScan, Panda Software's free online scanner:
1) Mhtredir.gen; 2) Shinwow.E; 3) Netsky.P; 4) Sdbot.ftp; 5) Downloader.WT.
------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR ***********

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews, see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages
http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member