Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


Microsoft offers DNS cache poisoning solution

Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

April 8, 2005

Microsoft has recently updated its customer security advisories for protecting its Windows Server 2003 and Server 2000 software against DNS cache poisoning attacks, as a swift response to heightened security alerts.

The software giant revised its recommended settings for some Windows Server products late Wednesday, clarifying which default configurations could leave computers open to the DNS poisoning threat.

The security update was triggered by a report from the Internet Storm Center that it had received notices of a number of DNS cache poisoning attacks.

Sophistication of phishing attacks is increasing at a rapid pace.

DNS cache poisoning involves the practice of hacking into domain name servers and replacing the numeric addresses of legitimate Web sites with the addresses of malicious sites.

The scheme typically redirects Internet users to bogus Web pages where they may be asked for sensitive information or have spyware installed on their PCs,
an online assault that has also become known as "pharming."

In early March, ISC first warned of DNS cache poisoning attacks that were redirecting users to Web sites hosting malicious software, including spyware. The attacks involved several different technologies, including Microsoft server software and security applications made by antivirus specialist Symantec.

A second round of attacks in late March attempted to funnel Web surfers to sites that marketed prescription medications, and the spyware attacks reappeared over the course of the last week, the ISC said.

In a posting to the watchdog group's Web site, ISC researcher Kyle Haugsness said that the individuals launching the DNS attacks continue to shift their strategies to prey on those who have not updated their server settings.

"After monitoring the situation for several weeks now, it has become apparent that the attacker(s) are changing their methods and toolset to point at different compromised servers in an effort to keep the attacks alive," Haugsness wrote in the report.

The issue affects Windows Server 2003 (standard, enterprise and datacenter editions), Windows 2000 Server (also the advanced and datacenter versions) and Windows NT Server 4.0 standard edition, Microsoft said in its advisory. Servers with Service Pack 3 installed, or that run software sold after the update was released, are already protected from DNS cache pollution by default. Otherwise, the needed settings must be turned on using the products' DNS Management Console.

Get the best Linux or Windows Web hosting plan for your website.
Get the lowest rate and the best tech support on any Linux or Windows hosting plan. Learn more by clicking here.

ISC also outlined a second DNS cache poisoning scenario that exploits Microsoft products. Windows DNS servers, when they forward data to another server, expect the other servers to "scrub out" cache poisoning attacks. However, ISC said that in some cases, Windows DNS servers accept all data they receive in such transactions, regardless of their settings. The group recommended that people check to make sure that their server software is filtering out the DNS threats.

The increased frequency of DNS cache poisoning attacks led ISC to raise the threat rating for the problem to "yellow," indicating the emergence of a "significant new threat." The group's Infocon Internet infrastructure safety barometer, which tracks the gravity of threats to the Web's backbone, is similar to the color alerts used by the U.S. Department of Homeland Security.

While the yellow rating is only the third most severe score on ISC's four-color scale, it's worth noting that the group previously applied the same ranking to some of the Web's worst virus attacks, including the MSBlast and Slammer epidemics.

Source: C-Net News


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer