U-verse Forums

Posted Jul 27, 2008 12:37:19 PM
Security of AT&T's Network - DNS Cache Poisoning Vulnerability

Does anyone know how to send a question to AT&T about the security of their DNS? The support pages don't seem to cover that area.

There is a current issue with their DNS servers that appears to make them vulnerable to DNS Cache Poisoning (see http://www.doxpara.com/ ). According to this site, AT&T's DNS servers have not been patched. This means you could surf to www.citibank.com and be directed to a phony phishing site.

I was just wondering what the official AT&T position is. Until I know for sure this is covered, I won't feel safe logging onto any financial sites. If we can't trust DNS, then we can't trust anything we see :smileysad:.

Jul 27, 2008 12:56:39 PM
Master

mphouston wrote:

Does anyone know how to send a question to AT&T about the security of their DNS? The support pages don't seem to cover that area.

There is a current issue with their DNS servers that appears to make them vulnerable to DNS Cache Poisoning (see http://www.doxpara.com/ ). According to this site, AT&T's DNS servers have not been patched. This means you could surf to www.citibank.com and be directed to a phony phishing site.

I was just wondering what the official AT&T position is. Until I know for sure this is covered, I won't feel safe logging onto any financial sites. If we can't trust DNS, then we can't trust anything we see :smileysad:.


       old news, it's been patched ...

       u cannot get to that page ne more

       there were certain areas exposed without password protection but those have been changed..

       u will find older threads about this back a few months now...

       randy




Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

2 of 11 (1,671 Views)
Jul 27, 2008 1:30:07 PM
New Member

Are you talking about the flaw in the 2Wire RG? The one I saw from January 2008:

MAJOR SECURITY FLAW IN ATT/2WIRE RG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I am not worried about that flaw since it was closed.

I am talking about flaws in AT&T's internal DNS servers that we all rely on. Not the boxes in our homes :smileyhappy:.

According to the doxpara site, AT&T's servers are still unpatched. (There is a nice link on that site that lets you test if your DNS servers are still vulnerable. Not sure how it tests it). The flaw was discovered around July 24 and accidentally made public before the DNS servers were patched. Right now, about 50% of the DNS servers are vulnerable.

I normally don't worry about most vulnerabilities, but this one caught my eye since you don't have to go to shady sites, download trojans or any other unsafe practices. Just using DNS and getting unlucky is all it seems to take.

  

 


Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

3 of 11 (1,671 Views)
Jul 27, 2008 1:46:32 PM
Master

yep yep, i have no knowledge of the latest stuff sorry

edited for below ::

Your name server, at 151.164.11.213, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).

Message Edited by randyl on 07-27-2008 03:51 PM


Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

4 of 11 (1,671 Views)
Jul 27, 2008 2:00:37 PM
New Member

Good, at least some of the DNS servers are not vulnerable.

In the Atlanta area, I get the following results from doxpara.com:

Your name server, at 66.73.20.31, appears vulnerable to DNS Cache Poisoning.

All requests came from the following source port: 35520

So, any idea on how to ask AT&T about this directly? I doubt calling Customer Service will get me to the right people (just a guess, since I am new to U-Verse).

BTW, Thanks for the quick response randyl.


Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

5 of 11 (1,671 Views)
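
The port check that the test results quoted above refer to, as an added example that is not part of the original thread or of the doxpara test itself: it labels a series of observed resolver source ports as fixed, patterned or scattered, and estimates how many bits a forged reply would have to match blind. The function names, the spread threshold and the sample port lists are assumptions constructed for illustration.

```python
import math

MIN_SPREAD = 4096  # assumed threshold: a narrower port window counts as patterned

def classify_source_ports(ports):
    """Label UDP source ports seen on consecutive queries from one resolver."""
    if len(ports) < 5:
        # With fewer samples, truly random ports look ordered too often.
        raise ValueError("need at least five observed queries")
    if len(set(ports)) == 1:
        return "fixed"        # every query left from the same port
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if all(d > 0 for d in deltas) or all(d < 0 for d in deltas):
        return "patterned"    # steadily counting up or down
    if max(ports) - min(ports) < MIN_SPREAD:
        return "patterned"    # confined to a narrow window
    return "scattered"

def guess_space_bits(ports):
    """Bits a forged reply must match blind: 16-bit transaction ID plus port."""
    if classify_source_ports(ports) != "scattered":
        return 16.0           # port is predictable, only the ID is unknown
    spread = max(ports) - min(ports) + 1
    return 16.0 + math.log2(spread)  # lower bound from the observed spread

# Constructed samples; the first three extend the patterns quoted in the thread.
FIXED = [35520] * 5
SEQUENTIAL = [1001, 1002, 1003, 1004, 1005]
STEPPED = [30000, 30020, 30100, 30150, 30400]
SCATTERED = [51234, 2817, 40960, 13377, 60001]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("stepped", STEPPED), ("scattered", SCATTERED)]:
        label = classify_source_ports(sample)
        print(f"{name:10s} {label:10s} {guess_space_bits(sample):.1f} bits")
```

A resolver that always queries from one port leaves only the 16-bit transaction ID to protect each answer, which is why a single fixed port is reported as vulnerable.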
Jul 27, 2008 2:22:16 PM
Master

maybe try an email to :

david

he gets tons so maybe try in subject "new dns exploit not the old one ?" etc

he works the dsl side of at&t less he has moved functions ?? he helped out on the last problem with the rg3800 fyi

a thought

randy


Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

6 of 11 (1,671 Views)
Jul 28, 2008 5:25:44 PM
Professor
Something you could do is use OpenDNS in the meantime. It isn't affected.

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

7 of 11 (1,671 Views)
Jul 30, 2008 5:51:02 AM
New Member

Thanks for the suggestion. I checked again today and the DNS server (66.73.20.52) seems to be safe according to www.doxpara.com. Of course, that is not the DNS server listed in the 2wire setup (68.94.156.1). Both are listed as AT&T in Richardson, so I feel Ok now.

I did notice that the DNS server it tests with my office VPN is different (naturally). It is listed as possibly vulnerable. According to whois, it is a Bellsouth IP, so maybe not all of AT&T is patched yet. BTW, my original tests over the weekend were without the VPN.

I am still going to be a little paranoid, but now I can probably use my online banking again :smileyhappy:.

(Thanks for the suggestion on OpenDNS. I couldn't easily use it on my laptop since I bounce between networks and depend on DHCP to reconfigure things. The 2wire RG does not seem to let me override the DNS server for the whole local net like my older router gateways did).

 


 

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

8 of 11 (1,671 Views)
Jul 30, 2008 5:11:36 PM
Employee
Are you referring to the DNS vulnerability that caused Firefox 3.01 and a lot of other major programs to release updates around July 19th?
*I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

9 of 11 (1,671 Views)
Aug 1, 2008 2:30:45 AM
New Member

I'm not sure. The doxpara site explains it fairly well.

The release notes for 3.0.1 don't mention any DNS issues fixed: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1

My guess is that this DNS issue can't be fixed on the client. It must be fixed on the DNS server itself.

 


 

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

10 of 11 (1,671 Views)
Aug 1, 2008 2:55:51 AM
Master
mine says that it appears to be safe...
Dennis

Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

11 of 11 (566 Views)