I'm not going to blog every time SANS kicks out a slightly elevated threat level. If that's the sort of thing you *want*, subscribe to their alert feed.
The threat in question is "DNS Poisoning". I wrote about pharming (which is the cool way to say DNS poisoning) a couple of weeks ago. But the gist of the alert from the SANS folks is that there are some very specific attacks against certain DNS servers (not clients) going on right now, and that the activity has been building over the course of about a month.
Amazement & Dismay
When I read about these sorts of things I have an internal dialogue with two conflicting viewpoints. First, how the heck has the Internet, by-and-large, not had any big problems with Bad People hijacking DNS servers? Second, how the heck can big-name vendors be sending out products with such serious security problems?
What can you & I do?
Probably nothing. We use UNIX-based DNS here so we're not considered vulnerable by SANS.
If you happen to be a Windows or Symantec Gateway administrator, please be sure your software is patched to the latest specs and configured in a secure way. Here is a guide to securing Windows 2000 DNS. Here is some info from Symantec about issues with their products.