DNS Cache Poisoning Vulnerability

Published July 20, 2008 by Me

Recently a new DNS vulnerability has been discovered (read the story here) which allows a malicious hacker to poison a DNS cache. The ability to poison a cache allows someone to redirect traffic (web, FTP, mail, etc.) away from the intended sites to the hacker's sites, which may host viruses, trojans, bot-inserters, etc., so it is important to protect yourself against this type of exploit.

Without going into huge detail here, we all need to take a look at our own ISP's DNS setup, and also at the DNS most of us run on our VPSs and servers. The details of the vulnerability are, as yet, undisclosed, but will be announced at the Black Hat Conference on August 7th (read this article). After that, the vulnerability will be out in the wild and hackers will be looking to exploit it as much as possible before everyone has had an opportunity to secure their set-ups.

DNS-OARC have provided a web-based tool which you can use to check your home or office ISP's DNS resolvers for the vulnerability. If either of the test results reports "POOR", you need to get onto your ISP's case right now and ask them what they are doing to fix things before the August 7th deadline. Click here to run the test.

You should also check your own VPSs and servers to see whether they allow recursive look-ups and, if they do and you have no need for recursion, turn it off.
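The two checks above (the DNS-OARC rating of a resolver's source-port randomness, and whether your own server answers recursive queries) can be reproduced locally. The following is an added example, not code from the original post or from DNS-OARC: it builds a query with the RD bit set, reads the RA flag and rcode from a response header to decide whether a server offers recursion, and scores a list of observed source ports by Shannon entropy, where a fixed port (the weak, "POOR" case) scores near zero and a randomised one scores close to 16 bits. The sample responses and port lists are constructed inline, so nothing is sent on the network.

```python
import math
import struct
from collections import Counter


def build_query(txid: int, name: str, recursion_desired: bool = True) -> bytes:
    """Encode a minimal A/IN query; the RD bit asks the server to recurse for us."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(data: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into the fields we care about."""
    if len(data) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),    # 1 = response
        "rd": bool(flags & 0x0100),    # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),    # recursion available (set by server)
        "rcode": flags & 0x000F,       # 0 NOERROR, 5 REFUSED
        "ancount": an,
    }


def offers_recursion(response: bytes) -> bool:
    """True when a server answers a recursive query with RA set and does not REFUSE it."""
    h = parse_header(response)
    return h["qr"] and h["ra"] and h["rcode"] != 5


def port_entropy_bits(ports) -> float:
    """Shannon entropy of observed source ports: ~0 bits for a fixed port, up to 16 for random."""
    counts = Counter(ports)
    n = len(ports)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Constructed sample responses (headers only, not real captures).
OPEN_RESOLVER = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)  # QR,RD,RA set, NOERROR
CLOSED_SERVER = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0)  # QR,RD set, RA clear, REFUSED

# Constructed port samples: one resolver reuses port 53, the other varies its ports.
FIXED_PORTS = [53] * 16
VARIED_PORTS = [1024 + 977 * i for i in range(16)]
```

A live check would send `build_query(...)` over UDP to port 53 of the server under test and pass the reply to `offers_recursion`; the entropy score needs a sample of source ports captured from the resolver's outgoing queries.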

Anyone who suspects that their own ISP's DNS is exploitable and that this will not be fixed promptly might wish to consider one of the free public services, such as OpenDNS, as an alternative.

Filed under DNS, Hackers
