ctceo
Premium
join:2001-04-26
South Bend, IN
clubs: | Dead Link
The link »www.doxpara.com/?p=1176 referred to in the old thread does not work. The one at »entropy.dns-oarc.net/test/ , however does. |
|
baineschile
2600
Premium
join:2008-05-10
Sterling Heights, MI | OpeNDNS
The only way to go. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·AT&T Southeast
 ·Vonage
 ·Cingular Wireless
·AT&T CallVantage
1 edit | said by baineschile  :The only way to go.
OpenDNS is certainly ONE solution, but it is definitely NOT the ONLY solution. 
In fact, the DNS servers used by your ISP (Comcast) are also immune to the Kaminsky DNS vulnerability referred to in the article.
said by Dan Kaminsky :
I do think Nominum, and ComCast by extension, need some credit for working to develop more intensive protections against this attack...
It's not every day that Comcast and I are on the same side of the fence (ahem, net neutrality). This is however a much graver threat, and frankly more ISP's need to follow Comcast's lead here (now there are words I never thought I'd write!).
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers. |
|
robl27
Premium
join:2008-07-16
Mary Esther, FL | there's also
4.2.2.2
4.2.2.3 which are level 3 hosted DNS sites. |
|
jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
| reply to NetFixer
said by NetFixer :said by baineschile :The only way to go. OpenDNS is certainly ONE solution, but it is definitely NOT the ONLY solution. In fact, the DNS servers used by your ISP (Comcast) are also immune to the Kaminsky DNS vulnerability referred to in the article. That is correct.
Jason
--
JL
Comcast |
|
baineschile
2600
Premium
join:2008-05-10
Sterling Heights, MI | reply to NetFixer
Obviously there are plenty of alternatives, most which are safe. I just saw such an increase in page loading and java when i switched to OPEN DNS |
|
AnonNane
@trit.net | 1 In 10 DNS Servers Vulnerable...
I wonder if 1 in 10 Internet users know what this means?  |
|
jester121
Premium
join:2003-08-09
Lake Zurich, IL
 ·surpasshosting
·ViaTalk
| reply to robl27
Re: OpeNDNS
Level 3 mentioned in passing (about the time the details on the cache poisoning proof of concept came out) that they would eventually be shutting off public access to their beloved and ubiquitous 4.2.2.x DNS servers.
That will be a very interesting day in the IT field, when we learn who's sloppy and who's not. |
|
kieranmullen
Premium
join:2005-12-12
Portland, OR
clubs:
·Gizmo5
·Skype
·Vitelity VOIP
·magicjack.com
 ·Verizon FIOS
·Vonage
·ViaTalk
·VoicePulse
| Is it considered sloppy to put clients on OpenDNS rather than their ISP's dns? I mean OpenDNS has so many other nice options as far as filtering goes as well and the ads are not a big turnoff.
said by jester121 :Level 3 mentioned in passing (about the time the details on the cache poisoning proof of concept came out) that they would eventually be shutting off public access to their beloved and ubiquitous 4.2.2.x DNS servers. That will be a very interesting day in the IT field, when we learn who's sloppy and who's not. |
|
backfeed
is giving feedback
join:2002-12-16
Peru, IN
·Comcast Digital Vo..
 ·Comcast Formerly ..
| reply to jester121
I am using Open DNS now on my networks, I have used Level 3's in a pinch, but I always thought that it was wrong to use them as a standard. They do work good, but I am really surprised that they have left them open to the public for so long...
--
There is 10 types of people. Those whom can read Binary and those who cannot. |
|
jester121
Premium
join:2003-08-09
Lake Zurich, IL
·surpasshosting
·ViaTalk
| reply to kieranmullen
No clue about that, we run our own internal DNS. The thing is that Level 3's 4.2.2.x servers aren't "officially" open to the public like OpenDNS ones are, they've just been around forever and easy to remember. I use them occasionally for troubleshooting or if I need to go to an ISP website to fix someone's computer... |
|
kieranmullen
Premium
join:2005-12-12
Portland, OR
clubs:
·Gizmo5
·Skype
·Vitelity VOIP
·magicjack.com
·Verizon FIOS
·Vonage
·ViaTalk
·VoicePulse
2 edits | said by jester121 :No clue about that, we run our own internal DNS. The thing is that Level 3's 4.2.2.x servers aren't "officially" open to the public like OpenDNS ones are, they've just been around forever and easy to remember. I use them occasionally for troubleshooting or if I need to go to an ISP website to fix someone's computer... They are the servers that are used for Verizon Fios Setup too! I wonder if they have some sort of agreement with them. Simply typing DNS in the help section of Verizon.net did not yield any results except for a dial up dns server. |
|
knightmb
Everybody Lies
join:2003-12-01
Franklin, TN
·AT&T DSL Service
| reply to AnonNane
Re: 1 In 10 DNS Servers Vulnerable...
said by AnonNane :I wonder if 1 in 10 Internet users know what this means? Good point. 
--
Fight NebuAD and the like:
Click Here to pollute their data |
|
DOStradamus
MVM
join:2003-11-04
Santa Rosa, CA
| Drinking Milk Leads to Heroin Addiction, Too!
I stronly suspect that the over-simplified definition of "vulnerable" is leading to inflated figures to one degree or another.
I run my own DNS, AUTH for the handful of names I own, and purposely run it open/recursive. Why? I often need DNS access for troubleshooting purposes, for situations where the DNS servers a client is supposed to use can't be foundor determimned, and a couple others.
My DNS isn't vulnerable, however. Why? Along with DNS, I also run email, FTP,SSH,HTTP.and a few other services. I monitor them all for single-dight thresholds of failed logins, "404"s, and a dozen or so DNS lookups, that originate from the same /24 network. When "hit", a text message is sent to my cellphone alerting me about the door that's about to be slammed shut.
I'd love to see someone grab the Tarpit code from Iptables, and package it into a command where I can send an abusive connection to "Pico and Sepulveda"...
-NK
|
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
3 edits | reply to kieranmullen
Re: OpeNDNS
said by kieranmullen :They are the servers that are used for Verizon Fios Setup too! I wonder if they have some sort of agreement with them. Ask and ye shall receive 
The reason that the 4.2.2.x DNS servers are frequently referred to as Level3 servers is that the IP NetRange/CIDR is owned by Level3.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers. |
|
kieranmullen
Premium
join:2005-12-12
Portland, OR
clubs:
·Gizmo5
·Skype
·Vitelity VOIP
·magicjack.com
·Verizon FIOS
·Vonage
·ViaTalk
·VoicePulse
1 edit | ask... well I suppose I could have looked it up as well.
Why would level3 have a hold on IP blocks from verizon? You would think that verizon would have many of its own blocks registered.
»www.isp-planet.com/news/2002/lvl···129.html
Level3 bought genuity.com which was the networking GTE I believe. Verizon bought GTE.
Nevermind its a mess that does not benefit me knowing in anyway. I will just assume for the foreseeable future that the Level 3 servers will work with Verizon FIOS |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
1 edit | said by kieranmullen :Why would level3 have a hold on IP blocks from verizon? You would think that verizon would have many of its own blocks registered. Why would Microsoft need to use Akamai Technologies servers and IP adresses? The simple answer is that corporations sub contract and sub lease services and properties from other corporations all the time.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers. |
|
kieranmullen
Premium
join:2005-12-12
Portland, OR
clubs:
·Gizmo5
·Skype
·Vitelity VOIP
·magicjack.com
·Verizon FIOS
·Vonage
·ViaTalk
·VoicePulse
| I believe the above lends some information on the intermixing...
said by NetFixer :said by kieranmullen :Why would level3 have a hold on IP blocks from verizon? You would think that verizon would have many of its own blocks registered. Why would Microsoft need to use Akamai Technologies servers and IP adresses? The simple answer is that corporations sub contract and sub lease services and properties from other corporations all the time. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·AT&T Southeast
·Vonage
·Cingular Wireless
·AT&T CallVantage
| said by kieranmullen :I believe the above lends some information on the intermixing...
I believe the term for this type of perpetual post buyout/merger usage is grandfathering.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers. |
|
NetAdmin
CCNA
join:2008-05-22
| reply to jester121
said by jester121 :That will be a very interesting day in the IT field, when we learn who's sloppy and who's not. Or who can remember their ISPs DNS servers. 4.2.2.2 was such a great server because it was so easy to use during an initial setup when you didn't have easy access to your ISPs DNS addresses or just plain forgot the DNS server address.
--
---
Drilling for more oil is akin to giving a methhead the keys to the meth lab. |
|
