RE: DNS cache poisoning?

From: Rabinowitz, Michael CTR MDA/ION (Michael.Rabinowitz.CTRmda.mil)
Date: Wed Aug 17 2005 - 05:51:39 CDT


Hi,

The error message below is probably unrelated to the crashing. Domains
that resolve to resalehost.networksolutions.com are simply domains that
have expired with Network Solutions.

You'll have to do a little more investigating into the crashing. Also,
to echo what others have said: Whether it's a move to Win2k or a switch
to Unix, it is definitely time to upgrade.

Mike

-----Original Message-----
From: Willard Van Dyne [mailto:wvandynehotpop.com]
Sent: Monday, August 15, 2005 11:28 PM
To: incidentssecurityfocus.com
Subject: DNS cache poisoning?

Good day!

Our DNS server has been crashing far too frequently as of late. The OS
is WinNT4 SP6.

Many of the error messages in the system log go like this:

"6/26/05,1:43:58 PM,Dns,Error,None,5108,N/A,DNS,DNS Server created CNAME loop loading CNAME at resalehost.networksolutions.com.. One link in CNAME loop: DNS name resalehost.networksolutions.com. is alias for CNAME resalehost.networksolutions.com.. See adjoining messages for other links in CNAME loop."

A Google search about the problem gets us reports that this looks like a
"cache corruption" vulnerability on Windows NT servers, and has to be
patched.

Is this true in our case?
If so, why is networksolutions.com doing this?
If not, is our network under attack by some other means?

I hope someone can enlighten us. Thanks!
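
As a follow-up to the investigation suggested in the reply, the sketch below is an added example (not part of the original thread) that triages an exported system log for DNS event 5108 and separates links where a name is an alias for itself from links between two different names. It assumes the comma-separated layout of the quoted entry; the second and third sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the entry quoted in the thread:
# date,time,source,type,category,event id,user,computer,description
SAMPLE_LOG = '''\
6/26/05,1:43:58 PM,Dns,Error,None,5108,N/A,DNS,DNS Server created CNAME loop loading CNAME at resalehost.networksolutions.com.. One link in CNAME loop: DNS name resalehost.networksolutions.com. is alias for CNAME resalehost.networksolutions.com.. See adjoining messages for other links in CNAME loop.
6/26/05,1:44:10 PM,Dns,Error,None,5108,N/A,DNS,DNS Server created CNAME loop loading CNAME at a.example.test.. One link in CNAME loop: DNS name a.example.test. is alias for CNAME b.example.test.. See adjoining messages for other links in CNAME loop.
6/26/05,1:45:02 PM,Example,Information,None,0,N/A,DNS,Constructed entry from another source, with a comma.
'''

LINK_RE = re.compile(r"DNS name (\S+) is alias for CNAME (\S+)")

def normalize(name):
    # Drop the trailing root dot(s) and fold case so names compare equal.
    return name.rstrip(".").lower()

def cname_loop_links(log_text):
    """Return (owner, target) pairs taken from DNS event 5108 entries."""
    links = []
    for line in log_text.splitlines():
        # Split on the first 8 commas only; the description may contain commas.
        fields = line.strip().strip('"').split(",", 8)
        if len(fields) < 9:
            continue
        source, event_id, description = fields[2], fields[5], fields[8]
        if source.lower() != "dns" or event_id != "5108":
            continue
        m = LINK_RE.search(description)
        if m:
            links.append((normalize(m.group(1)), normalize(m.group(2))))
    return links

def summarize(links):
    """Count self-referential aliases and links between distinct names."""
    self_ref = Counter(owner for owner, target in links if owner == target)
    chained = Counter((o, t) for o, t in links if o != t)
    return self_ref, chained

if __name__ == "__main__":
    self_ref, chained = summarize(cname_loop_links(SAMPLE_LOG))
    for name, count in self_ref.most_common():
        print(f"self-referential CNAME x{count}: {name}")
    for (owner, target), count in chained.most_common():
        print(f"link between names x{count}: {owner} -> {target}")
```

Comparing the timestamps of the counted entries against the times of the crashes helps show whether the two are related.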