#11
US-CERT TCSA TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning
You should stop reading things you don't understand. If the fix involves patching your desktop OS, you're right, Windows 98 won't be patched.

--
Gary S. Terhune
MS-MVP Shell/User
http://grystmill.com

"Vince" wrote in message ...

On Wed, 9 Jul 2008 11:51:31 -0400, "MEB" meb@not wrote:

III. Solution
Apply a patch from your vendor

There's nothing like reading multiple articles on something you know absolutely nothing about to make you feel dumber than a box of rocks.

So . . . no patch will ever be forthcoming from Microsoft for Windows 9x, as it's well beyond its end of life. Is Win9x vulnerable to this problem?
#12
US-CERT TCSA TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning
Franc Zabkar wrote in :

On Thu, 10 Jul 2008 01:39:44 -0700, smith put finger to keyboard and composed:

Franc Zabkar wrote in m:

On Wed, 09 Jul 2008 15:55:09 -0700, smith put finger to keyboard and composed:

Franc Zabkar wrote in m:

To find out if the DNS server you use is vulnerable, click the "Check My DNS" button at this URL: http://www.doxpara.com/

I tried this and got a "your name server appears vulnerable message." However I noticed that the ip address in the message did not match the address for my DNS server in winipcfg. Is this normal that these two addresses would differ?

I don't know, but in my case I've configured my router to use DNS Relay. This means that winipcfg shows my router's LAN IP as the DNS server address, and any DNS requests sent to it are relayed to one of two DNS servers whose addresses the router has learned from my ISP via PPP. Is it possible that your router is configured like mine, i.e. is your DNS IP, as reported by winipcfg, a LAN or WAN IP?

- Franc Zabkar

Beats me. I don't have a router that I know of. I plug my computer directly into a cable modem, and heaven only knows what the cable company does. I intended to get one but have never got around to it. I always assumed that the winipcfg address was the cable company's real dns server.

Type your DNS address into the search box at this URL: http://ws.arin.net/whois

If you get something like this ...

OrgName: Internet Assigned Numbers Authority
OrgID: IANA

... then it's a LAN address. Otherwise it's the WAN address of an external DNS server.

- Franc Zabkar

It was a WAN. The two DNS addresses in my winipcfg belong to my ISP and the address I see in the check dns box at http://www.doxpara.com/ appears safe message is 68.166.125.227, which belongs to Covad Communications
#13
US-CERT TCSA TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning
On Thu, 10 Jul 2008 22:48:04 -0700, smith put finger to keyboard and composed:

It was a WAN. The two DNS addresses in my winipcfg belong to my ISP and the address I see in the check dns box at http://www.doxpara.com/ appears safe message is 68.166.125.227, which belongs to Covad Communications

http://en.wikipedia.org/wiki/Covad_Communications

"The company offers DSL, Voice over IP, T1, Web hosting, managed security, IP and dial-up, and bundled voice and data services directly through Covad's network and through Internet Service Providers, value-added resellers, telecommunications carriers and affinity groups to small and medium-sized businesses and home users."

I suspect that your ISP resells Covad's services and relays your DNS requests to Covad's DNS server. Having said that, the IP address you have given us equates to "smtp.cotse.net" which looks like your ISP's mail server ???

My own ISP's addresses, as reported by my router, are 192.231.203.3 and 192.231.203.132. However, just as in your case, Doxpara reports a different DNS address, namely 150.101.120.5, but all three addresses still belong to my ISP.

FWIW, the following is what I see when I perform traceroutes to your address and to my own ISP's DNS addresses.

C:\WIN98SE>tracert 68.166.125.227

Tracing route to smtp.cotse.net [68.166.125.227]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2    30 ms    26 ms    25 ms  lns10.syd6.internode.on.net [150.101.197.88]
snip
 15   260 ms   264 ms   264 ms  COVAD.car1.Boston1.Level3.net [63.211.168.26]
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18   294 ms   298 ms   298 ms  smtp.cotse.net [68.166.125.227]

Trace complete.

C:\WIN98SE>tracert 192.231.203.132

Tracing route to resolv.internode.on.net [192.231.203.132]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2    27 ms    26 ms    25 ms  lns10.syd6.internode.on.net [150.101.197.88]
  3    30 ms    26 ms    25 ms  vl14.cor2.syd6.internode.on.net [150.101.197.83]
  4    28 ms    32 ms    25 ms  resolv.internode.on.net [192.231.203.132]

Trace complete.

C:\WIN98SE>tracert 192.231.203.3

Tracing route to ns4.on.net [192.231.203.3]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2    26 ms    26 ms    25 ms  lns10.syd6.internode.on.net [150.101.197.88]
  3    25 ms    26 ms    25 ms  vl14.cor2.syd6.internode.on.net [150.101.197.83]
  4    51 ms    52 ms    52 ms  gi0-3.bdr1.syd6.internode.on.net [150.101.199.245]
  5    55 ms    52 ms    52 ms  pos3-2.bdr2.adl2.internode.on.net [203.16.212.141]
  6    49 ms    52 ms    52 ms  po2.cor3.adl2.internode.on.net [203.16.212.155]
  7    47 ms    52 ms    52 ms  ns4.on.net [192.231.203.3]

Trace complete.

C:\WIN98SE>tracert 150.101.120.5

Tracing route to resolv1.syd6.internode.on.net [150.101.120.5]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2    24 ms    28 ms    26 ms  lns10.syd6.internode.on.net [150.101.197.88]
  3    26 ms    25 ms    25 ms  vl14.cor2.syd6.internode.on.net [150.101.197.83]
  4    26 ms    25 ms    26 ms  resolv1.syd6.internode.on.net [150.101.120.5]

Trace complete.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.
#14
US-CERT TCSA TA08-190B -- Multiple DNS implementations vulnera
My Windows 98 Second Edition system is not vulnerable according to doxpara.com. Here are the results for public benefit for those who are interested.

Your ISP's name server, 68.87.85.101, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.

--------------------------------------------------------------------------------
Requests seen for 8f63238a336e.toorrr.com:
68.87.85.101:17812 TXID=12982
68.87.85.101:18266 TXID=3941
68.87.85.101:17548 TXID=7778
68.87.85.101:17715 TXID=50436
68.87.85.101:17765 TXID=35677
ISNOM:ISNOM TXID=ISNOM

I am using Comcast Cable.

"Gary S. Terhune" wrote:

You should stop reading things you don't understand. If the fix involves patching your desktop OS, you're right, Windows 98 won't be patched.

--
Gary S. Terhune
MS-MVP Shell/User
http://grystmill.com

"Vince" wrote in message ...

On Wed, 9 Jul 2008 11:51:31 -0400, "MEB" meb@not wrote:

III. Solution
Apply a patch from your vendor

There's nothing like reading multiple articles on something you know absolutely nothing about to make you feel dumber than a box of rocks.

So . . . no patch will ever be forthcoming from Microsoft for Windows 9x, as it's well beyond its end of life. Is Win9x vulnerable to this problem?
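
Added example, not part of any post in this thread and not the doxpara.com checker's own logic: a small Python script that parses "Requests seen" lines like those quoted in post #14 and summarises how much the resolver's source port and TXID vary between queries. The function names and the `min_port_spread` threshold are assumptions made for this illustration.

```python
import re

# Constructed sample: the request lines quoted in post #14 above.
SAMPLE = """\
68.87.85.101:17812 TXID=12982
68.87.85.101:18266 TXID=3941
68.87.85.101:17548 TXID=7778
68.87.85.101:17715 TXID=50436
68.87.85.101:17765 TXID=35677
ISNOM:ISNOM TXID=ISNOM
"""

REQUEST = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})$")


def parse_requests(text):
    """Return (resolver_ip, source_port, txid) tuples, skipping non-matching lines."""
    rows = []
    for line in text.splitlines():
        m = REQUEST.match(line.strip())
        if m:
            rows.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return rows


def assess(rows, min_port_spread=4096):
    """Summarise source-port and TXID variation across the observed queries.

    min_port_spread is a hypothetical threshold chosen for this example.
    """
    if len(rows) < 2:
        return {"verdict": "insufficient-data"}
    ports = [r[1] for r in rows]
    txids = [r[2] for r in rows]
    steps = {b - a for a, b in zip(ports, ports[1:])}
    spread = max(ports) - min(ports)
    if len(set(ports)) == 1:
        verdict = "fixed-port"          # only the 16-bit TXID varies
    elif len(rows) >= 3 and len(steps) == 1:
        verdict = "sequential-ports"    # predictable increment
    elif spread < min_port_spread:
        verdict = "narrow-port-range"
    else:
        verdict = "ports-vary-widely"
    return {"verdict": verdict, "port_spread": spread,
            "distinct_ports": len(set(ports)), "distinct_txids": len(set(txids))}


if __name__ == "__main__":
    print(assess(parse_requests(SAMPLE)))
```

Five queries are too few for a statistical judgment; the summary only makes visible what the quoted output already shows, namely ports that differ on every query but fall within a few hundred of each other.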