DNS Cache Poisoning Spreads Malware
Gamma_UCF writes "As of April 4, 2005 the SANS Internet Storm Center has raised their alert level to Yellow following a rash of active DNS poisonings. The infected DNS servers are re-directing users from popular sites such as Google or American Express to malware infecting advertising sites. According to the ISC presentation on the attack, it is believed to be linked to known spammers and malware distributors. The full presentation of information up until this point can be found here."
I'm surprised at how few people have pointed out that djbdns is, and always has been, immune to this type of attack.
My DNS server is a Soekris box (small form-factor machine) that runs djbdns off a RAM disk (loaded from a CF card).
Besides a UPS battery failure last year, the box has not been rebooted, had a high CPU load, run out of space (thanks, multilog!) or done anything other than its job for several years now.
Why do people still torture themselves with BIND (or Windows *shudder*)? Set up a little PC with FreeBSD, SSH only from the inside LAN, and djbdns. Nothing else. You won't have a single problem with it, and you don't even have to patch it.