Rogers DNS Vulnerability
Monday, July 28th, 2008
This post is a break from development news on the Moodle stats plug-ins to talk about a new DNS vulnerability that could affect all Rogers users in Canada (or at least Ontario).
Update: euphoracle from the #CompSci.ca IRC room called up Rogers tech support and, after getting through the first few “tiers” of tech support asking him to run virus scans, got to a Rogers tech who knew about the issue and claimed that they are working on the problem, but there is currently no ETA. So it seems Rogers knows about the issue but has yet to fix it.
Earlier this month, news of a new DNS attack was leaked to the public, detailing a method to poison the cache of a DNS server and allow an attacker to redirect any domain to their own IP/site.
The implications of this are massive, but I will not go into the details, as that has been talked about already on many more popular blogs and in some media sources. What I do want to talk about is Rogers (one of the largest Canadian cable ISPs).
All DNS providers (including ISPs) have had since July 8th to patch and/or fix this vulnerability, but from some simple testing the #compsci.ca IRC room and I have conducted, it seems that Rogers has failed to put any kind of protection in place to stop this attack (which is ironic, as they just started hijacking their own DNS server to place ads on 404 pages).
If you are a Rogers user you should immediately change your DNS settings to use a secure server such as the Bell ones (207.164.234.193 and 207.164.234.129) or use OpenDNS (which has some ads on 404 pages). I would also recommend that all Rogers customers tell Rogers to patch their system ASAP.
If you want to see if your DNS server is secure, check out http://www.doxpara.com/?p=1176 (thanks to Dan Kaminsky) and click on “Check my DNS” on the right hand side. This is what we used to test Rogers and other CompSci.ca users' ISPs.
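The fix resolvers shipped in July 2008 was to randomize the UDP source port of outgoing queries, and that is the property a check of this kind looks at. The script below is an added example, not code from this post or from the linked checker: it rates a list of source ports observed from one resolver. The thresholds, the verdict names and the sample port lists are assumptions constructed for illustration.

```python
import statistics

# Assumed thresholds for this example (not taken from the post or the checker).
MIN_SAMPLES = 5      # too few observations say nothing about randomness
MIN_STDDEV = 3000    # well-spread 16-bit ports have a stddev in the thousands
MAX_STEP = 16        # small positive steps mean the port is just a counter


def rate_source_ports(ports):
    """Classify the UDP source ports a resolver used for consecutive queries.

    `ports` is the ordered list of source ports seen for queries from one
    resolver, for example as logged by an authoritative server you control.
    """
    if len(ports) < MIN_SAMPLES:
        raise ValueError("need at least %d observations" % MIN_SAMPLES)
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("port out of range")

    distinct = len(set(ports))
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    stddev = statistics.pstdev(ports)

    if distinct == 1:
        verdict = "fixed"        # every query left from the same port
    elif all(0 < d <= MAX_STEP for d in deltas):
        verdict = "sequential"   # ports count upward, so the next one is guessable
    elif stddev < MIN_STDDEV or distinct < 0.8 * len(ports):
        verdict = "weak"         # varies, but inside a narrow or repeating range
    else:
        verdict = "randomized"
    return {"verdict": verdict, "distinct": distinct, "stddev": round(stddev, 1)}


# Constructed sample observations, one list per hypothetical resolver.
SAMPLES = {
    "unpatched": [32768] * 8,
    "counter": [1025, 1026, 1027, 1028, 1029, 1030],
    "narrow": [40000, 40210, 39875, 40102, 40350, 39990],
    "patched": [51234, 1893, 33021, 60412, 17455, 44980, 9120, 28777],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, rate_source_ports(ports))
```

A "fixed" or "sequential" result on a resolver known to be patched often points at a NAT or firewall in front of it rewriting the source ports, so test from outside that device as well.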