
Thread: Microsoft Update KB951748 causes loss of Internet Access

  1. #1
    Join Date
    Aug 2006
    Posts
    578

  2. #2
    Join Date
    Aug 2006
    Posts
    2,763
    I just read about this on other news sites regarding the DNS vulnerability.. From what I gathered, the vulnerability mainly affects DNS servers and has little to do with non-DNS-server Windows users.

    What I read about the vulnerability is that it allows an attacker to exploit a DNS server, eventually gaining control of the DNS server. From there the attacker can start spoofing the DNS server info, such as the IP address that a real website URL is located at, causing end users to load a fake website at a different IP address...

    How would patching an end user's system stop a DNS server from sending them a spoofed IP address? The patch has been noted to allow DNS requests on random UDP ports, which makes it more difficult for an attacker to match the UDP port that the end user's DNS request came from. Say, they see your request via a pwnd DNS server down the line, your request comes from port 447 every time, they set their pwnd box to port 447, the next time you send a DNS request, it comes from port 58, their pwnd box doesn't get it, unless it's listening to that port.. To me it seems like a simple fix for the haxor to just listen to all ports for UDP..

    When a normal end user, that doesn't run a DNS server, attempts to go to a normal website, like Yahoo or Google, they would be asking the DNS server for the website's IP address, but would be getting a spoofed IP address and website from a haxed DNS server.

    It just doesn't add up to more secure browsing.. Unless the end user's KB update blocks all DNS connections and has some magic host file that knows all the current real DNS info and maybe a locally generated checksum on DNS requests using some form of encryption.. Not likely.

    Sites can change their IP addresses, and some have round robin load handling with multiple servers with different IP addresses, their DNS/ROUTERS say, that IP is busy, use the other one..... Most DNS servers are using a flavor of UNIX or LINUX, which from all the info I gathered, is not affected by the DNS vulnerability that Windows DNS servers have.

    If you don't know what DNS is, it's the DOMAIN NAME SERVER, an IP address that your ISP assigns to your connection, so that when you request a URL, such as GOOGLE.COM or YAHOO.COM, your computer asks your ISP's DNS server where that URL is. The DNS server tells your computer that YAHOO.COM or GOOGLE.COM is at such and such IP address.. It's a back end process, handled by the ISP's hardware, as such, the patch should NOT have been directed at END users.. On top of that, the patch will not do anything to prevent a middle man attack that can be hosted from a remote machine intercepting DNS requests, they don't even need to attack a vulnerable DNS server to spoof an IP address that way, all they need to do is hide from routers and poison the backend hardware's DNS cache.

    Maybe it's important for businesses that run an INTRANET, based on Windows products..

    If you have Windows XP, 2000 or whatever and use it at home for just browsing the internet, you should already have those server processes/services disabled and not need the patch.. The only thing I see that might affect end users is that, with the patch, DNS requests can use random UDP ports, in order to make it more difficult to match the UDP port of the DNS server, but as I mentioned above, it's not difficult for an attacker to just listen for all UDP port requests.

    In an alternate reality, this update would make it easier for a DNS server to HIDE the REAL IP address of a REAL web URL, making it easier for THEM, to provide YOU with FAKE internet altogether, hiding all the info from the end user while they scan and probe all the little things you do on the internet, all the while making your system less secure so they can violate your privacy, and perhaps keep you from being able to access the REAL internet..

    A more direct reality.. I would be concerned with the update increasing the number of UDP ports open on your machine. Other than that, the number of broken connections that "Others" are contending with due to ZA being incompatible is enormous. This "security" update doesn't secure anything, other than maybe a certain number of people having to take their computers to a fee based PC repair tech when they can't figure it out.. Seems like there's more hands reaching into their pockets for PC repair fees, gallons of gas to get there etc..
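
Added example, not part of the posts above: a check for whether a host's outbound DNS queries actually use randomized UDP source ports, the behaviour the thread attributes to the patch. The function names, the thresholds (8 samples, 0.8, 0.9), the 16384-port pool and all sample port lists are assumptions constructed for illustration.

```python
import math
from collections import Counter

TXID_BITS = 16  # width of the DNS transaction ID field


def classify_source_ports(ports, min_samples=8):
    """Classify the UDP source ports of one host's DNS queries, in send order."""
    n = len(ports)
    if n < min_samples:
        return "insufficient-data"
    counts = Counter(ports)
    if len(counts) == 1:
        return "fixed"
    # Fraction of consecutive queries whose port rose by only 1 or 2.
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if sum(1 for s in steps if 0 < s <= 2) / len(steps) >= 0.8:
        return "sequential"
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    # n samples can show at most log2(n) bits; require most of that (assumed 0.9).
    if entropy >= 0.9 * math.log2(n):
        return "randomized"
    return "low-variation"


def guess_space_bits(port_pool_size):
    """Bits a forged reply must match: transaction ID plus source port."""
    return TXID_BITS + math.log2(port_pool_size)


# Constructed samples (not captured traffic).
FIXED = [447] * 10  # same port every time, as in the post's example
SEQUENTIAL = [1030, 1031, 1032, 1033, 1034, 1035, 1036, 1037, 1038, 1039]
RANDOMIZED = [49731, 52210, 61002, 50417, 58833,
              49990, 63555, 55120, 60011, 51777]
REUSED = [1025, 1025, 2000, 2000, 1025, 2000, 1025, 2000, 1025, 2000]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED), ("reused", REUSED)]:
        print(f"{name:<11} -> {classify_source_ports(sample)}")
    # Assumed pool of 16384 ports versus a single fixed port.
    print("fixed port :", guess_space_bits(1), "bits")
    print("16384 ports:", guess_space_bits(16384), "bits")
```

Feed it the source ports from a packet capture of port 53 queries taken before and after patching; a host that still reports "fixed" or "sequential" behind a NAT device may be having its ports rewritten by that device.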
