Re: ISPs and the DNS Bug

["Åke Nordin" <polymorpevz () gmail com>]

On Tue, Jul 29, 2008 at 10:41 PM, Larry Seltzer <larry () larryseltzer com> wrote:
> Has anyone seen any tests of major ISPs and whether they've all patched the
> DNS bug? I only know that my own Verizon server is not vulnerable.
>
> I assume the real problem is all those vulnerable home routers out there.

My home router doesn't cache DNS (it simply nat's the query), but it's
rather old so it may not be representative of what's out there nowadays.
My provider was patched when I checked the first time, most Swedish
providers seems to have been when the sploits started to be published.
This info isn't from some grand survey, but a mailing list for web and
media types in Sweden which carried a "whodunit" thread a while ago.
I think the corporate world is worse.

Some Major Corporations out there were (still are?) vulnerable far longer
than one would believe. Methinks it's because the other odd IT manager
typically is on vacation and the acting people aren't all that comfy with
taking responsibility for a large update to the infrastructure. Quite a few
does their online banking from work (it even looks like working...8^)
so I'd wager that the majority of pharming victims will be there. A little
diligence from the pharmers will let them target corporations with poor
or nonexistent surveillance of it's infrastructure so the venture may have
a substantial chance of passing undetected until the banks start to
investigate the frauds.

-- 
Åke Nordin Unix/net geek, Netia.se consultant, Stacken member.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.