Results 1 to 4 of 4

Thread: Patch and security for Dan Kaminski's DNS Flaw

Hybrid View

  1. #1
    za_avastfan Guest

    Default Patch and security for Dan Kaminski's DNS Flaw

    Dear Zone Alarm Forum Gurus,

    Is my system fully patched against the Dan Kaminsky DNS vulnerability given the below configuration?

    Was the recent MS Patch which caused the loss of internet connectivity in response to this DNS vulnerability?

    Given that the patch and the new version of ZA Pro are on my PC do these render my PC now protected?

    I have described below the configuration and tests I completed as best I could, however my lack of PC knowledge in this area prevents me from forming an informed conclusion.

    Any help, suggestions or comments would be greatly appreciated.

    Have a great weekend everyone and thanks in advance!

    ZAavastfan

    - DLink - DI604 Ethernet Broadband Router (Cable Internet Connection)
    - Zone Alarm Pro 7.0.483.000
    - Avaast Professional 4.8.1229
    - Window$ XP Pro SP3 - All updates and patches applied
    - Running Window$ in restricted account mode
    - Firefox 3.0.1
    - NoScript 1.7.7
    - Adblock Plus 0.7.5.5

    I update (and check for updates) daily for all of the above items. They are all fully patched and running the latest versions as of today.

    Please note for the below tests I replaced the IP with xxx.xxx.xxx.xxx for privacy and security reasons.

    The DNS checker test at Dan Kaminsky's site (http://www.doxpara.com/) reported:

    Your name server, at XXX.XXX.XXX.XXX, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 99.

    Please talk to your firewall or gateway vendor -- all are working on patches, mitigations, and workarounds.

    Requests seen for 9a901d62cadb.toorrr.com:
    XXX.XXX.XXX.XXX:33166 TXID=48743
    XXX.XXX.XXX.XXX:33075 TXID=36982
    XXX.XXX.XXX.XXX:33173 TXID=58353
    XXX.XXX.XXX.XXX:33174 TXID=6157
    XXX.XXX.XXX.XXX:33098 TXID=32056

    And the DNS vulnerability test at http://member.dnsstuff.com/pages/too...e=free#group_2 reported:

    This DNS server is NOT vulnerable!

    DNS Server Address Query source port Query ID
    XXX.XXX.XXX.XXX 32802 27572
    XXX.XXX.XXX.XXX 33311 2504

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Patch and security for Dan Kaminski's DNS Flaw

    Your own computer is okay, in terms of this dns vulnerability of recent.
    Oldsod.
    Best regards.
    oldsod

  3. #3
    za_avastfan Guest

    Default Re: Patch and security for Dan Kaminski's DNS Flaw

    Hi OldSod,

    Thanks for the reply, much appreciated!

    ZA_Avastfan

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Patch and security for Dan Kaminski's DNS Flaw

    You are welcome, ZA_Avastfan.
    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •