D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: Alemaker on July 24, 2008, 12:02:03 PM

Title: DNS Server poisoning patch??
Post by: Alemaker on July 24, 2008, 12:02:03 PM
Hi,
Recently a major DNS flaw was discovered and many DNS servers were not patched. My ISP supposedly patched their DNS server but when I check, I get this message:

"Your name server, at xx.xx.xx.xxx, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 428. Please talk to your firewall or gateway vendor -- all are working on patches, mitigations, and workarounds."

Tech support couldn't help. Does anyone know if D-Link is working on this???
Title: Re: DNS Server poisoning patch??
Post by: smapdi on July 25, 2008, 02:24:05 AM
Correct me if I am wrong, but doesn't this attack need to be targeted at a particular DNS server, i.e. you? I am not sure if the DIR-655 even uses DNS caching (I know there is a DNS Relay option somewhere in the admin pages). If there is no cache, all DNS requests should be forwarded to its DNS server anyway.
Title: Re: DNS Server poisoning patch??
Post by: Alemaker on July 29, 2008, 09:36:21 PM
NAT routers can limit queries to a small range; that is why I am asking.
Title: Re: DNS Server poisoning patch??
Post by: fgl30 on July 30, 2008, 05:10:08 AM
Anyway, the DNS cache poisoning is for real... and most DNS servers (at this moment) are candidates for a possible attack... They recommend OpenDNS... I tried... it's amazing... really really amazing... poisoning free, and a LOT of features for FREE, if you create your free network. Anti-phishing, ****-block, site/domain block and amazing shortcuts... now to access www.google.com, all I have to do is type 'gg' in my browser... You can take total control of your network... there are several levels of blocking, or you can make a totally customizable level of blocking in your Dashboard... I recommend a try. Regards.
Title: Re: DNS Server poisoning patch??
Post by: Alemaker on August 01, 2008, 08:34:23 PM
@fgl30
I appreciate the acknowledgement that this is a serious issue ;), and the fact that the researcher who found it has a tool on his website to check to see if your DNS server is patched. His site is www.doxpara.com

Further investigation on Mr. Kaminsky's site reveals that the error message about the NAT/Firewall issue seems to apply if the DNS server itself is behind a NAT, and not to the client side. There seems to be some confusion about this though. It is entirely plausible that a NAT device (i.e. your DSL/cable router, a Cisco router, etc.) is rewriting the source ports to a not-so-random sequence. Also, some routers run dnsmasq by default; unpatched versions of dnsmasq are at risk, and therefore so are all routers that use it.

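The thread's point about a NAT narrowing a resolver's source-port spread can be measured the same way the doxpara test does: collect the source ports of outbound DNS queries (for example from a packet capture on the gateway's WAN side) and compare the largest with the smallest. The script below is an added example, not code from the thread, D-Link or doxpara; the port samples are constructed, the sequential NAT is a model of the behaviour described above, and the verdict thresholds are this example's own assumptions.

```python
import random

# Constructed sample data (not from the thread): source ports observed on
# 108 consecutive outbound DNS queries from the resolver's point of view.
QUERIES = 108
RNG = random.Random(2008)

# A patched resolver picks a fresh random source port for every query.
RANDOMIZED_PORTS = RNG.sample(range(1024, 65536), QUERIES)


def sequential_nat(ports, base=32768, step=4):
    """Model a NAT that ignores the inside source port and hands out
    translated ports in a fixed sequence (the behaviour the post describes).
    108 queries at step 4 give exactly the 428-port spread quoted above."""
    return [base + step * i for i, _ in enumerate(ports)]


def port_spread(ports):
    """Largest minus smallest source port: the number the doxpara test reports."""
    return max(ports) - min(ports)


def distinct_ratio(ports):
    """Fraction of queries whose port was not reused within the sample."""
    return len(set(ports)) / len(ports)


def assess(ports, min_spread=20000, min_distinct=0.9):
    """Classify a port sample. The thresholds are assumptions made for this
    example; a narrow band or heavy reuse means an attacker needs to guess
    far fewer (query id, port) pairs, which is what the 2008 flaw exploits."""
    spread = port_spread(ports)
    distinct = distinct_ratio(ports)
    if spread < 1024 or distinct < 0.5:
        verdict = "POOR"
    elif spread < min_spread or distinct < min_distinct:
        verdict = "FAIR"
    else:
        verdict = "GOOD"
    return {"spread": spread, "distinct": round(distinct, 3), "verdict": verdict}


if __name__ == "__main__":
    print("resolver alone:      ", assess(RANDOMIZED_PORTS))
    print("resolver behind NAT: ", assess(sequential_nat(RANDOMIZED_PORTS)))
```

The second line of output shows how a fully patched resolver still scores POOR once a sequential NAT rewrites its ports, which is why the check has to be run from outside the gateway.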