Dear Zone Alarm Forum Gurus,
Is my system fully patched against the Dan Kaminsky DNS vulnerability given the below configuration?
Was the recent MS Patch which caused the loss of internet connectivity in response to this DNS vulnerability?
Given that the patch and the new version of ZA Pro are on my PC do these render my PC now protected?
I have described below the configuration and tests I completed as best I could, however my lack of PC knowledge in this area prevents me from forming an informed conclusion.
Any help, suggestions or comments would be greatly appreciated.
Have a great weekend everyone and thanks in advance!
- DLink - DI604 Ethernet Broadband Router (Cable Internet Connection)
- Zone Alarm Pro 7.0.483.000
- Avaast Professional 4.8.1229
- Window$ XP Pro SP3 - All updates and patches applied
- Running Window$ in restricted account mode
- Firefox 3.0.1
- NoScript 1.7.7
- Adblock Plus 0.7.5.5
I update (and check for updates) daily for all of the above items. They are all fully patched and running the latest versions as of today.
Please note for the below tests I replaced the IP with xxx.xxx.xxx.xxx for privacy and security reasons.
The DNS checker test at Dan Kaminsky's site (http://www.doxpara.com/) reported:
Your name server, at XXX.XXX.XXX.XXX, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 99.
Please talk to your firewall or gateway vendor -- all are working on patches, mitigations, and workarounds.
Requests seen for 9a901d62cadb.toorrr.com:
And the DNS vulnerability test at http://member.dnsstuff.com/pages/too...e=free#group_2 reported:
This DNS server is NOT vulnerable!
DNS Server Address Query source port Query ID
XXX.XXX.XXX.XXX 32802 27572
XXX.XXX.XXX.XXX 33311 2504
Operating System:Windows XP Pro
Product Name:ZoneAlarm Pro