Sunday, August 24, 2008

ISP DNS vulnerability checker

If you aren’t aware there has recently been an issue with DNS servers that may allow an attacker to redirect you to a malicious web site. If you interested in some more information about the issues see a recent story in the Sydney Morning Herald.

 

Unfortunately, this issue needs to be resolved at an ISP level, which basically means your ISP has to patch their DNS servers otherwise all their subscribers could be vulnerable. How can you tell whether your ISP has patched their servers?

 

DoxPara has been setup to do just that. Go to the site and click on the Test my DNS button of the right hand side. This will then return the results of a DNS query, if the ports are random (i.e. :42039, :54311, :34597, etc) then your ISP has patched. However, if the ports are following an obvious pattern (i.e :1001. :1002, :1003, or :30000, :30020, :30100) then you ISP probably hasn’t patched and you need to ask them why.