Security of AT&T's Network - DNS Cache Poisoning Vulnerability

Tutor

Does anyone know how to send a question to AT&T about the security of their DNS? The support pages don't seem to cover that area.

 

There is a current issue with their DNS servers that appears to make them vulnerable to DNS Cache Poisoning (see http://www.doxpara.com/ ). According to this site, AT&T's DNS servers have not been patched. This means you could surf to www.citibank.com and be directed to a phony phishing site.

 

I was just wondering what the official AT&T position is. Until I know for sure this is covered, I won't feel safe logging onto any financial sites. If we can't trust DNS, then we can't trust anything we see :smileysad:.

Message 1 of 11 (1,759 Views)
Master

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability


mphouston wrote:

Does anyone know how to send a question to AT&T about the security of their DNS? The support pages don't seem to cover that area.

 

There is a current issue with their DNS servers that appears to make them vulnerable to DNS Cache Poisoning (see http://www.doxpara.com/ ). According to this site, AT&T's DNS servers have not been patched. This means you could surf to www.citibank.com and be directed to a phony phishing site.

 

I was just wondering what the official AT&T position is. Until I know for sure this is covered, I won't feel safe logging onto any financial sites. If we can't trust DNS, then we can't trust anything we see :smileysad:.


 

       old news   it's been patched ...

       u cannot get to that page ne more 

       there were certain areas exposed without password protection but those have been changed..

       u will find older threads about this back a few months now...

 

      randy 

 

Message 2 of 11 (1,759 Views)
Tutor

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

Are you talking about the flaw in the 2Wire RG? The one I saw from January 2008:

 

MAJOR SECURITY FLAW IN ATT/2WIRE RG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

I am not worried about that flaw since it was closed.

 

I am talking about flaws in AT&T's internal DNS servers that we all rely on. Not the boxes in our homes :smileyhappy:.

 

According to the doxpara site, AT&T's servers are still unpatched. (There is a nice link on that site that lets you test if your DNS servers are still vulnerable. Not sure how it tests it). The flaw was discovered around July 24 and accidentally made public before the DNS servers were patched. Right now, about 50% of the DNS servers are vulnerable.

 

I normally don't worry about most vulnerabilities, but this one caught my eye since you don't have to go to shady sites, download trojans or any other unsafe practices. Just using DNS and getting unlucky is all it seems to take.

  

 

Message 3 of 11 (1,759 Views)
Master

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

yep yep  i have no knowledge of the latest stuff sorry

 

edited for  below ::

 

Your name server, at 151.164.11.213, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).


Message Edited by randyl on 07-27-2008 03:51 PM
Message 4 of 11 (1,759 Views)
Tutor

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

Good, at least some of the DNS servers are not vulnerable.

 

In the Atlanta area, I get the following results from doxpara.com:

 

Your name server, at 66.73.20.31, appears vulnerable to DNS Cache Poisoning.

All requests came from the following source port: 35520

So, any idea on how to ask AT&T about this directly? I doubt calling Customer Service will get me to the right people (just a guess, since I am new to U-Verse).

 

BTW, Thanks for the quick response randyl. 

Message 5 of 11 (1,759 Views)
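Added example, not part of the thread and not the doxpara.com test itself: the results quoted above come down to the UDP source ports a resolver uses for its outbound queries, and the same check can be run over the query log of an authoritative server you control. The log line format, the `*.test.example` names and the 192.0.2.x addresses are constructed for illustration; the fixed port mirrors the 35520 result in the post above.

```python
import re
from collections import defaultdict

CLIENT_RE = re.compile(r"client (\d{1,3}(?:\.\d{1,3}){3})#(\d{1,5}):")
MIN_SAMPLES = 6  # below this a verdict is not meaningful


def make_log(ip, ports):
    """Build constructed query-log lines ("client IP#port: query: ...")."""
    return "".join(
        f"client {ip}#{p}: query: n{i}.test.example IN A\n"
        for i, p in enumerate(ports)
    )


# Constructed sample data: four resolvers with different port behaviour.
SAMPLE_LOG = (
    make_log("192.0.2.10", [35520] * 6)
    + make_log("192.0.2.20", [30000, 30020, 30100, 30130, 30200, 30260])
    + make_log("192.0.2.30", [51234, 1733, 40211, 9921, 62004, 28850])
    + make_log("192.0.2.40", [2049, 2051, 2048, 2050, 2047, 2052])
)


def ports_by_resolver(log_text):
    """Group observed source ports by resolver address, in arrival order."""
    seen = defaultdict(list)
    for m in CLIENT_RE.finditer(log_text):
        seen[m.group(1)].append(int(m.group(2)))
    return dict(seen)


def assess(ports):
    """Classify a resolver's source ports as seen by the authoritative side."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed"          # every query left from the same port
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if all(d > 0 for d in deltas) or all(d < 0 for d in deltas):
        return "incrementing"   # e.g. :30000, :30020, :30100 ...
    if max(ports) - min(ports) < 1024:
        return "narrow-range"   # varies, but within a small window
    return "scattered"          # no obvious pattern; not proof of randomness


def report(log_text):
    return {ip: assess(p) for ip, p in ports_by_resolver(log_text).items()}
```

A NAT device between the resolver and the observer can rewrite source ports, so a "fixed" or "incrementing" verdict may describe the NAT rather than the resolver.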
Master

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

maybe try an email to  :

david

 

he gets tons so  maybe try in subject  "new dns exploit not the old one ?   "   etc

he works the dsl side of at&t less he has moved functions ??    he helped out on the last problem with the rg3800   fyi

 

 

a thought

randy

Message 6 of 11 (1,759 Views)
Professor

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

Something you could do is use OpenDNS in the meantime. It isn't affected.
Message 7 of 11 (1,759 Views)
Tutor

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

Thanks for the suggestion. I checked again today and the DNS server (66.73.20.52) seems to be safe according to www.doxpara.com. Of course, that is not the DNS server listed in the 2wire setup (68.94.156.1). Both are listed as AT&T in Richardson, so I feel Ok now.

 

I did notice that the DNS server it tests with my office VPN is different (naturally). It is listed as possibly vulnerable. According to whois, it is a Bellsouth IP, so maybe not all of AT&T is patched yet. BTW, my original tests over the weekend were without the VPN.


I am still going to be a little paranoid, but now I can probably use my online banking again :smileyhappy:.


(Thanks for the suggestion on OpenDNS. I couldn't easily use it on my laptop since I bounce between networks and depend on DHCP to reconfigure things. The 2wire RG does not seem to let me override the DNS server for the whole local net like my older router gateways did).

 

Message 8 of 11 (1,759 Views)
Employee

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

Are you referring to the DNS vulnerability that caused Firefox 3.01 and a lot of other major programs to release updates around July 19th?
Employee Contributor*
*I am an AT&T employee and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Message 9 of 11 (1,759 Views)
Tutor

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

I'm not sure. The doxpara site explains it fairly well.

 

The release notes for 3.0.1 don't mention any DNS issues fixed: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1

 

My guess is that this DNS issue can't be fixed on the client. It must be fixed on the DNS server itself.

 

Message 10 of 11 (1,759 Views)
Master

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

mine says that it appears to be safe...
Dennis
Message 11 of 11 (654 Views)