Date: Thu, 24 Jul 2008 08:50:18 -0500
Content-Type: text/plain
Perhaps you should read more closely
Fernando Rannou wrote:
> I just read in the newspaper there is a "virus" running
> around that affects DNS that operate with a cache or resolver server.
> So we could all be vulnerable to cache poisoning or spoofing.
>
> Take a look at
> http://www.kb.cert.org/vuls/id/800113
If you look down at the affected vendors and look at RedHat, you will see it
points to
http://www.kb.cert.org/vuls/id/MIMG-7ECLBD
which points to
https://rhn.redhat.com/errata/RHSA-2008-0533.html
which shows that it has already been patched, and the patch pushed out.
Do we have it pushed out in Scientific Linux?
Sure, we have these pushed out and announced at
http://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&X=3417C00DB65A487ABD&Y=dawson%40fnal.gov&P=432
http://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&X=3417C00DB65A487ABD&Y=dawson%40fnal.gov&P=1067
Could you be infected?
Only if you have turned off your autoupdates.
Troy
> http://www.isc.org/index.pl?/sw/bind/forgery-resilience.php
> http://www.microsoft.com/technet/security/Bulletin
> http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
> http://news.oreilly.com/2008/07/dan-kaminsky-upgrade-your-dns.html
>
> Fernando Rannou
>
> On Thu, 2008-07-24 at 00:43 -0700, Keith Lofstrom wrote:
>> On Wed, Jul 23, 2008 at 12:07:06AM -0700, Keith Lofstrom wrote:
>>> There was a flurry of upgrades to BIND/named about a week ago. Over
>>> the last few days, I have noticed a few DNS failures (but that may
>>> be coincidental). I am learning to read debug output and developing
>>> a better understanding of named.conf (set up by a consultant 5 years
>>> ago) and so on, but meanwhile, is anyone else having problems?
>>>
>>> Try "dig ns1.hostica.com +trace" and see if it fails.
>>>
>>> Keith
>> In my case, it turned out to be a couple of things. The DNS UDP
>> packets seem to be a bit longer now. I am currently connected to
>> Verizon FIOS through an Actiontec cable modem/router, which some
>> websites say truncates UDP packets to 512 bytes, in accordance
>> with RFC negative 666. :-) That caused problems with hostica
>> and others. I changed /etc/named.conf to a policy of forward
>> first, and used the Verizon nameservers as forwarders, taking out
>> the lookup through the root nameservers. Verizon does some goofy
>> things with nonexistent URLs, but I can live with that for now.
>>
>> Keith
>>
>> --
>> Keith Lofstrom Voice (503)-520-1993
>> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
>> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
>>
--
__________________________________________________
Troy Dawson (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
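Keith's quoted reply above describes a router that only passes UDP DNS replies of up to 512 bytes, so the larger answers sent by the patched resolvers never arrive. The following script is an added example, not code from anyone in the thread: it classifies the text that dig(1) prints so that this failure mode can be told apart from a healthy path. The sample dig outputs embedded in it are constructed.

```sh
#!/bin/sh
# Added example: classify a captured dig(1) reply to spot a middlebox that
# drops UDP DNS answers larger than 512 bytes. Outcomes:
#   edns-ok    a reply above 512 bytes arrived intact, the path is fine
#   truncated  the server set the TC bit; the client retries over TCP,
#              which the same router may also block
#   fits-512   the reply was small, so the test says nothing about the path
#   no-reply   no DNS header at all: dig timed out, the reply was dropped
classify_dig() {
    out=$1
    if ! printf '%s\n' "$out" | grep -q ';; ->>HEADER<<-'; then
        echo no-reply
        return 0
    fi
    # dig prints ";; flags: qr tc rd ra; ..." and ";; MSG SIZE  rcvd: N"
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p')
    size=$(printf '%s\n' "$out" | sed -n 's/^;; MSG SIZE *rcvd: *\([0-9]*\).*/\1/p')
    case " $flags " in
        *" tc "*) echo truncated; return 0 ;;
    esac
    if [ "${size:-0}" -gt 512 ]; then
        echo edns-ok
    else
        echo fits-512
    fi
}

# Constructed dig output, trimmed to the lines the classifier reads.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; MSG SIZE  rcvd: 811'
SAMPLE_TC=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr tc rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
;; MSG SIZE  rcvd: 494'
SAMPLE_DROP=';; connection timed out; no servers could be reached'

for s in "$SAMPLE_OK" "$SAMPLE_TC" "$SAMPLE_DROP"; do
    classify_dig "$s"
done
```

To run it against a live resolver, pass the output of dig +bufsize=4096 for a name whose answer is larger than 512 bytes; a no-reply or truncated result on a query that works elsewhere points at the path rather than at named.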