
proxy and DNS


jonathan

Aug 28, 2002, 11:51:14 AM
Hi all, don't know if this is the right newsgroup but here goes. We have a
Win2k server with Win2k clients using Proxy 2 on the server with Exchange
5.5; everything works fine.
But we do have a problem with DNS spoofing, occasional and I must admit they
are getting more frequent (probably because someone scanning my static IP on
the outside has found an open port or a way in and keeps coming back). They
successfully spoof our DNS server; I know this from my BlackICE firewall
software. I have spoken to a few people and they say I can't do anything
with the DNS settings in Win2k to stop this. This brings me to my question:
within Proxy, is there a filter I can use, apart from the DNS predefined
filter, to block this? We don't host any websites, we just use internal name
resolutions.
Cheers all.


Todd J Heron

Aug 28, 2002, 8:57:56 PM
"But we do have a problem with DNS spoofing"

What do you mean by that?

--

Todd J Heron
todd_heron at hotmail dot com



Phillip Windell

Aug 29, 2002, 10:21:51 AM
"Todd J Heron" <todd_heron@no_spam.hotmail.com> wrote in message
news:#Itz$ZvTCHA.1252@tkmsftngp10...

> "But we do have a problem with DNS spoofing"
>
> What do you mean by that?

That's what I'd like to know too. In my humble opinion, 75%-80% of these
situations where someone thinks "such-and-such" is happening, is really not
happening at all. Many people either misinterpret what they are seeing, or
they are running IDS software that is giving them false alarms (or a
combination of the two).


--
Ancient Chinese Secret:
If it is really, really, hard to do, then you
are probably doing it wrong to begin with.

Phillip Windell
pwin...@wandtv.com
WAND-TV (ABC Affiliate)
www.wandtv.com


jonathan

Sep 3, 2002, 8:29:23 AM
Hi all, I am using BlackICE server protection firewall software. It logs
every attempt to hack into the system; I know this logging is accurate from
testing. DNS spoofing is the term given for someone redirecting from one
website to another. For example: I am doing online banking; to get to this
website I go through a DNS server. Someone is spoofing this DNS server; they
can, without my knowledge, redirect traffic I am sending to the online
banking website to a website or server of his choice, meaning he is getting
all my secure bank info. As you can see, this is a huge problem for the IT
industry as a whole. A new secure DNS BIND protocol is being developed but
keeps getting delayed; this does not solve my problem though. I was hoping
someone on here might know of a firewall or something to block this DNS
spoofing.

Todd J Heron

Sep 3, 2002, 12:04:03 PM
Neat. This is known as a "man in the middle" attack. So how is this
affecting your production? I don't think there's any way to stop it.

--
Todd J Heron
todd_heron @ hotmail dot com



jonathan

Sep 5, 2002, 11:23:43 AM
We rely on internet communications to send and receive software updates
from our developer, hence we don't want someone hijacking our internet
traffic. These attacks are by the same person every day. Although BlackICE
knows it's an attack, it cannot stop it because DNS requests are essential to
TCP/IP and the internet.
ISA Server stops this kind of attack but we are not in a position to move
over to ISA yet; I was hoping Proxy 2 provided something similar.
jon


Phillip Windell

Sep 5, 2002, 12:23:59 PM
"jonathan" <jon...@hotmail.com> wrote in message
news:al7su4$7fn$1$830f...@news.demon.co.uk...

> ISA Server stops this kind of attack but we are not in a position to move
> over to ISA yet; I was hoping Proxy 2 provided something similar.
> jon

It doesn't sound like the Proxy's job or ISA's job. It is the job of the DNS
server that is being attacked. If the DNS Server is outside your Proxy
(probably belongs to the ISP?) then how in the world is a Proxy server gonna
solve that?...it doesn't have anything to do with it. Whoever is
responsible for the DNS Server has to correct this so the DNS Server is no
longer vulnerable.

The word "spoofed" gets thrown around so much it has lost its meaning like
the term "crash" has. What does it *really* mean? *How* is this attack
performed? You have to know that before you can know what to do about it.

In the meantime use all *IP#s* for this type of transfer instead of FQDNs
and DNS will *never* get used to begin with. If no DNS is used then the
attacker can "spoof" himself silly and it won't do any good.
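
Added example, not part of the original thread: the IP-instead-of-FQDN workaround above depends on knowing the peer's real addresses in advance, and the same list can be used to flag DNS answers that fall outside it. The host name, addresses and function names below are constructed for illustration.

```python
import ipaddress
import socket

# Constructed pin list in hosts-file format (placeholder name and addresses).
PINS_TEXT = """
# address      name
192.0.2.10     updates.developer.example
192.0.2.11     updates.developer.example
"""

def load_pins(text):
    """Parse hosts-style lines into {name: {ip_address, ...}}."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        ip = ipaddress.ip_address(addr)  # ValueError on a malformed pin
        for name in names:
            pins.setdefault(name.lower().rstrip("."), set()).add(ip)
    return pins

def check_answer(name, answers, pins):
    """Return (verdict, unexpected_addresses) for one DNS answer set.

    verdict: 'ok', 'mismatch', 'no-answer', or 'unpinned'.
    """
    key = name.lower().rstrip(".")
    if key not in pins:
        return "unpinned", set()
    got = {ipaddress.ip_address(a) for a in answers}
    if not got:
        return "no-answer", set()
    unexpected = got - pins[key]
    return ("mismatch" if unexpected else "ok"), unexpected

def resolve(name):
    """Live IPv4 lookup through the system resolver (unused by the samples)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return {info[4][0] for info in infos}

if __name__ == "__main__":
    pins = load_pins(PINS_TEXT)
    # Constructed answers: a clean one, then one carrying a foreign address.
    for answers in (["192.0.2.10"], ["192.0.2.10", "203.0.113.77"]):
        print(check_answer("updates.developer.example", answers, pins))
```

A mismatch can also mean the remote server was legitimately renumbered, so the pin list has to be updated through a channel other than DNS.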
