Aug 22 2008

CNC DNS Server Cache Poisoning

Published by at 2:46 pm under Hacking for money

From Websense Labs (thanks to ZDNet blogs):

When users mistype a domain name, they are sometimes directed by their ISPs to a placeholder Web site with generic advertisements. This is typically an additional revenue source for the ISP. In the case of CNC, customers of this prominent ISP are directed to a Web site under the control of an attacker.

I have tried a bunch of CNC nameservers and it seems that they have the typo redirects turned off or I haven’t tried the right nameserver yet.

In case you aren’t aware of what DNS cache poisoning is, check out this article.


2 Responses to “CNC DNS Server Cache Poisoning”

  1. CBRP1R8 on 25 Aug 2008 at 6:43 am

    What is surprising to me about all this is that this latest DNS cache exploit has been known about since July. Most legitimate companies and countries have upgraded their DNS servers (including all ISPs) by late July when the exploits started to leak out (metasploit etc). Then just after that Kaminsky himself gave a short briefing press conference to urge people to upgrade. Then at Black Hat at the beginning of the month, the cat was let out of the bag and everyone found out the ins and outs of the vulnerability. It only takes about 15 – 20 seconds to exploit this properly on an unpatched server.

    I’m highly surprised that China’s largest ISP seems to have not patched their own, when this is the country of origination of quite a lot of these vulns/exploits.

  2. Bookmarks about Dns on 04 Oct 2008 at 12:00 pm

    [...] – bookmarked by 6 members originally found by cancerus on 2008-09-17 CNC DNS Server Cache Poisoning – bookmarked by 1 members [...]