Has Your Cellular Provider Patched Their DNS Servers?


Ed Hansberry
07-29-2008, 07:00 PM
http://www.dnsstuff.org

I am sure most of you by now are at least aware of the DNS Poisoning vulnerability that affects all DNS servers around the world, and where many vendors, including Microsoft, Cisco and Red Hat, released patches to their products on the same day in July before exploit code could be written. If you aren't aware of it, Wikipedia has a pretty good overview (http://en.wikipedia.org/wiki/DNS_cache_poisoning).

As of right now, over half of the world's DNS servers have not been patched (http://www.doxpara.com/?p=1191#comments), even though their vendor has likely released an update, unless they run Mac OS X Server (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9110907&intsrc=hm_list).

One of the main reasons someone would use this exploit is to make you think you are on a secure and familiar site, like your bank's website. If you typed www.mybank.com in your browser, your DNS server could actually be tricked into redirecting you to some server in Russia that looked exactly like your bank's site, and your browser would still show www.mybank.com in the URL at the top. Because many of us access this information on our devices, we should be able to trust the DNS server our phone is using, which is usually provided by our cellular provider. I finally found a test that works on Windows Mobile devices. Head over to DNSStuff.com (http://www.dnsstuff.com) and run the "DNS Vulnerability Check" in the lower left. In order to get the button to be visible and work, you may have to put Pocket IE into "desktop" mode.

I am pleased to say that T-Mobile USA got all Good and Great marks on each of the tests, at least on their DNS servers in Washington state.

If your provider fails the tests, you should contact them. You can also override the DNS entries in your internet connection settings to use the free DNS servers at OpenDNS.org (http://www.opendns.org).

blazingwolf
07-29-2008, 08:35 PM
Thanks for the heads up on this Ed. I checked Verizon Wireless in Virginia and they report Good for just about everything. The only exception being a great for Source port standard deviation.

My Verizon DSL is another matter. It shows poor for all source port tests. Maybe a call to customer service is in order for this. :eek:
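
What the source port tests mentioned in this thread measure, as an added example that is not part of any post and not DNSStuff's own test: the July 2008 patches make a resolver send each query from an unpredictable UDP source port, so the spread of ports seen by a server the tester controls shows whether a resolver has that protection. The sample ports, the rating cut-offs and the function names are assumptions made for illustration.

```python
import statistics

# Illustrative cut-offs, assumed for this example only; they are not the
# thresholds used by DNSStuff or any other testing service.
POOR_BELOW = 1000.0
GREAT_FROM = 10000.0

# Constructed samples: UDP source ports seen on eight consecutive queries
# from a resolver to an authoritative server that the tester controls.
SAMPLES = {
    "fixed_port":  [53] * 8,
    "counter":     [32768, 32769, 32770, 32771, 32772, 32773, 32774, 32775],
    "wide_stride": [10000, 15000, 20000, 25000, 30000, 35000, 40000, 45000],
    "narrow_pool": [1100, 4800, 2300, 3900, 1500, 4400, 2900, 3400],
    "randomized":  [1187, 60214, 23456, 41002, 9731, 52888, 33019, 17650],
}


def port_stddev(ports):
    """Population standard deviation of the observed source ports."""
    return statistics.pstdev(ports)


def constant_stride(ports):
    """True if each port differs from the previous one by the same amount."""
    return len({b - a for a, b in zip(ports, ports[1:])}) == 1


def rate_resolver(ports):
    """Return POOR, GOOD or GREAT for a list of observed source ports."""
    if len(ports) < 3:
        raise ValueError("need at least three observed queries")
    # A fixed port (stride 0) or a simple counter is predictable even when
    # the stride is large enough to give a big standard deviation.
    if constant_stride(ports):
        return "POOR"
    sd = port_stddev(ports)
    if sd < POOR_BELOW:
        return "POOR"
    return "GREAT" if sd >= GREAT_FROM else "GOOD"


def rate_all(samples=SAMPLES):
    """Rate every named sample; returns {name: rating}."""
    return {name: rate_resolver(ports) for name, ports in samples.items()}


if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:12} stddev={port_stddev(ports):9.1f} {rate_resolver(ports)}")
```

The "wide_stride" sample shows why standard deviation alone is not enough: its spread is large, but every port can be predicted from the one before it.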

rlobrecht
07-29-2008, 09:52 PM
Thanks Ed. I just checked AT&T wireless (3G) in Houston, and everything is labeled as GOOD.

Ed Hansberry
07-29-2008, 10:40 PM
My Verizon DSL is another matter. It shows poor for all source port tests. Maybe a call to customer service is in order for this. :eek:
I'd be switching my home router to OpenDNS.org in about 2 seconds on that deal. I switched to OpenDNS.org a few months ago because I could block sites (adware, porn, etc) from ever entering my home LAN. The side benefit is I don't care if my cable provider is on top of things on patching their DNS servers. OpenDNS.org was one that worked closely with the industry to get this patched fast.

blazingwolf
07-30-2008, 12:08 AM
I'd be switching my home router to OpenDNS.org in about 2 seconds on that deal. I switched to OpenDNS.org a few months ago because I could block sites (adware, porn, etc) from ever entering my home LAN. The side benefit is I don't care if my cable provider is on top of things on patching their DNS servers. OpenDNS.org was one that worked closely with the industry to get this patched fast.

Done. :D

Thanks again for this. Very timely info that is coming in very useful for me.

Phillip Dyson
08-05-2008, 07:23 PM
I'd be switching my home router to OpenDNS.org in about 2 seconds on that deal.

I would like to do this. I've actually already created an account. I have a Linksys G router and noticed a DNS service that can be enabled. Is this where I would configure it to use OpenDNS.org?

Also, would I install the dynamic update client to one of my PCs or is there some way to set that up in the router?

thanks

Ed Hansberry
08-05-2008, 11:32 PM
I would like to do this. I've actually already created an account. I have a Linksys G router and noticed a DNS service that can be enabled. Is this where I would configure it to use OpenDNS.org?

Also, would I install the dynamic update client to one of my PCs or is there some way to set that up in the router?

thanks

I have a Linksys G as well. On the initial page where you can type in the DNS servers, type in the OpenDNS.org DNS server addresses. If you only want to use their DNS services, you're done. If you want to use their filtering services, like blocking porn or adware sites, you'll need to do a few more steps.

On the DDNS page, you'll need to get a Dynamic DNS number. I use DynDNS.org - which you'll need an account for. This is so OpenDNS can find your IP address. I then use a program called OpenDNS Updater at http://blog.opendns.com/2007/09/07/mac-dynamic-ip-updater/ that can communicate with OpenDNS.org periodically.

It took me about 20 minutes to sign up for everything and get it all working, but now that I have, it is trouble free, and free of cost as well.