    Posted Jul 27, 2008
    12:37:19 PM
    Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    Does anyone know how to send a question to AT&T about the security of their DNS? The support pages don't seem to cover that area.

     

    There is a current issue with their DNS servers that appears to make them vulnerable to DNS Cache Poisoning (see http://www.doxpara.com/ ). According to this site, AT&T's DNS servers have not been patched. This means you could surf to www.citibank.com and be directed to a phony phishing site.

     

    I was just wondering what the official AT&T position is. Until I know for sure this is covered, I won't feel safe logging onto any financial sites. If we can't trust DNS, then we can't trust anything we see :smileysad:.

    1,707 views
    10 replies
    Jul 27, 2008 12:56:39 PM
    Master

    mphouston wrote:

    Does anyone know how to send a question to AT&T about the security of their DNS? The support pages don't seem to cover that area.

     

    There is a current issue with their DNS servers that appears to make them vulnerable to DNS Cache Poisoning (see http://www.doxpara.com/ ). According to this site, AT&T's DNS servers have not been patched. This means you could surf to www.citibank.com and be directed to a phony phishing site.

     

    I was just wondering what the official AT&T position is. Until I know for sure this is covered, I won't feel safe logging onto any financial sites. If we can't trust DNS, then we can't trust anything we see :smileysad:.


     

           old news   its been patched ...

           u cannot get to that page ne more 

           there were certain areas exposed without password protection but those have been changed..

           u will find older threads about this back a few months now...

     

          randy 

     

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    2 of 11 (1,707 Views)
    Jul 27, 2008 1:30:07 PM
    Tutor

    Are you talking about the flaw in the 2Wire RG? The one I saw from January 2008:

     

    MAJOR SECURITY FLAW IN ATT/2WIRE RG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

     

    I am not worried about that flaw since it was closed.

     

    I am talking about flaws in AT&T's internal DNS servers that we all rely on. Not the boxes in our homes :smileyhappy:.

     

    According to the doxpara site, AT&T's servers are still unpatched. (There is a nice link on that site that lets you test if your DNS servers are still vulnerable. Not sure how it tests it). The flaw was discovered around July 24 and accidentally made public before the DNS servers were patched. Right now, about 50% of the DNS servers are vulnerable.

     

    I normally don't worry about most vulnerabilities, but this one caught my eye since you don't have to go to shady sites, download trojans or any other unsafe practices. Just using DNS and getting unlucky is all it seems to take.

      

     

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    3 of 11 (1,707 Views)
    Jul 27, 2008 1:46:32 PM
    Master

    yep yep  i have no knowledge of the latest stuff sorry

     

    edited for  below ::

     

    Your name server, at 151.164.11.213, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).


    Message Edited by randyl on 07-27-2008 03:51 PM

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    4 of 11 (1,707 Views)
    Jul 27, 2008 2:00:37 PM
    Tutor

    Good, at least some of the DNS servers are not vulnerable.

     

    In the Atlanta area, I get the following results from doxpara.com:

     

    Your name server, at 66.73.20.31, appears vulnerable to DNS Cache Poisoning.

    All requests came from the following source port: 35520

    So, any idea on how to ask AT&T about this directly?  I doubt calling Customer Service will get me to the right people (just a guess, since I am new to U-Verse ).

     

    BTW, Thanks for the quick response randyl. 

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    5 of 11 (1,707 Views)
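
An added example, not part of any post in this thread: a rough version of the source-port pattern check that the test output quoted in the two posts above asks readers to do by eye. The function name, the `NARROW_SPREAD` threshold and the sample lists are assumptions; only port 35520 and the two "obvious pattern" sequences come from the thread.

```python
import math

# Assumed threshold: ports confined to a window this small count as patterned.
NARROW_SPREAD = 2048


def classify_ports(ports):
    """Classify UDP source ports observed on one resolver's outbound queries.

    Returns (verdict, spread_bits). spread_bits is log2 of the observed port
    window, a rough upper bound on how unpredictable the next port is.
    A "scattered" verdict on a handful of samples is weak evidence only;
    collect more queries before trusting it.
    """
    if len(ports) < 3:
        raise ValueError("need at least 3 observed queries")
    spread = max(ports) - min(ports)
    bits = round(math.log2(spread + 1), 1)
    # Differences between consecutive queries expose a constant stride.
    deltas = {b - a for a, b in zip(ports, ports[1:])}
    if spread == 0:
        return ("fixed", bits)       # every query left from the same port
    if len(deltas) == 1:
        return ("sequential", bits)  # constant step, e.g. +1 each query
    if spread < NARROW_SPREAD:
        return ("narrow", bits)      # varies, but inside a small window
    return ("scattered", bits)


# Sample inputs; the last list is constructed for illustration.
SAMPLES = {
    "single port, as reported for 66.73.20.31": [35520] * 5,
    "the :1001, :1002, :1003 pattern": [1001, 1002, 1003],
    "the :30000, :30020, :30100 pattern": [30000, 30020, 30100],
    "constructed scattered ports": [51234, 1029, 33871, 60412, 20775],
}

if __name__ == "__main__":
    for label, ports in SAMPLES.items():
        verdict, bits = classify_ports(ports)
        print(f"{label}: {verdict} (~{bits} bits of port spread)")
```
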
    Jul 27, 2008 2:22:16 PM
    Master

    maybe try an email to  :

    david

     

    he gets tons so  maybe try in subject  "new dns exploit not the old one ?   "   etc

    he works the dsl side of at&t less he has moved functions ??    he helped out on the last problem with the rg3800   fyi

     

     

    a thought

    randy

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    6 of 11 (1,707 Views)
    Jul 28, 2008 5:25:44 PM
    Professor
    Something you could do is use OpenDNS in the meantime. It isn't affected.

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    7 of 11 (1,707 Views)
    Jul 30, 2008 5:51:02 AM
    Tutor

    Thanks for the suggestion. I checked again today and the DNS server (66.73.20.52) seems to be safe according to www.doxpara.com. Of course, that is not the DNS server listed in the 2wire setup (68.94.156.1). Both are listed as AT&T in Richardson, so I feel Ok now.

     

    I did notice that the DNS server it tests with my office VPN is different (naturally). It is listed as possibly vulnerable. According to whois, it is a Bellsouth IP, so maybe not all of AT&T is patched yet. BTW, my original tests over the weekend were without the VPN.


    I am still going to be a little paranoid, but now I can probably use my online banking again :smileyhappy:.


    (Thanks for the suggestion on OpenDNS. I couldn't easily use it on my laptop since I bounce between networks and depend on DHCP to reconfigure things. The 2wire RG does not seem to let me override the DNS server for the whole local net like my older router gateways did).

     

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    8 of 11 (1,707 Views)
    Jul 30, 2008 5:11:36 PM
    Employee
    Are you referring to the DNS vulnerability that caused Firefox 3.01 and a lot of other major programs to release updates around July 19th?
    *I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    9 of 11 (1,707 Views)
    Aug 1, 2008 2:30:45 AM
    Tutor

    I'm not sure. The doxpara site explains it fairly well.

     

    The release notes for 3.0.1 don't mention any DNS issues fixed: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1

     

    My guess is that this DNS issue can't be fixed on the client. It must be fixed on the DNS server itself.

     

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    10 of 11 (1,707 Views)
    Aug 1, 2008 2:55:51 AM
    Master
    mine says that it appears to be safe...
    Dennis

    Re: Security of AT&T's Network - DNS Cache Poisoning Vulnerability

    11 of 11 (602 Views)