Help
test
Page 1 of 1
- You cannot start a new topic
Add Reply
DNS err post
#1
justonemore 
- Been here forever
-
- Group: Beta Tester
- Posts: 1,632
- Joined: --
- Gender:Male
- Location:Hamilton, NJ
- Interests:computers, motorcycles, gardening, family, home brewing,
Posted 07 April 2005 - 07:34 PM
I don't need no stinkin' signature
MultiQuote
#5
Skibum
- Skibumus Lazium Extremum
-
- Group: Admin
- Posts: 7,199
- Joined: --
- Gender:Male
- Location:Canton, Connecticut
- Interests:Waterskiing, Snowskiing, Home Automation, VOIP, Astronomy,
Posted 08 April 2005 - 08:28 AM
A DNS issue was the first thing I suspected... I switched last night too, and all was well again.
Does anyone know the cause?
Does anyone know the cause?
#6
justonemore
- Been here forever
-
- Group: Beta Tester
- Posts: 1,632
- Joined: --
- Gender:Male
- Location:Hamilton, NJ
- Interests:computers, motorcycles, gardening, family, home brewing,
Posted 09 April 2005 - 09:04 AM
Everything seems fine now
I don't need no stinkin' signature
#7
Skibum
- Skibumus Lazium Extremum
-
- Group: Admin
- Posts: 7,199
- Joined: --
- Gender:Male
- Location:Canton, Connecticut
- Interests:Waterskiing, Snowskiing, Home Automation, VOIP, Astronomy,
Posted 09 April 2005 - 09:17 AM
QUOTE
Comcast suffers DNS outage, denies pharming link
Company says outage unrelated to a spate of pharming attacks
By Paul Roberts, IDG News Service
April 08, 2005
Problems with the DNS (domain name system) servers at ISP (Internet service provider) Comcast Corp. prevented customers around the U.S. from surfing the Web Thursday, but the company said the interruptions were not linked in any way to a spate of recent DNS attacks known as "pharming" scams.
Comcast technicians noticed problems with the company's DNS servers at around 6:30 p.m. Eastern Time on Thursday. The problems interrupted DNS service to Comcast high-speed Internet customers across the U.S. just hours after The SANS Institute's Internet Storm Center advised ISPs to make sure their DNS servers were not vulnerable to a new spate of attacks. However, the outage was not caused by those attacks or by maintenance related to the attacks, according to company spokeswoman Jeanne Russo.
During the outage, Comcast customers who attempted to connect to Web sites such as Google (Profile, Products, Articles).com received frequent "Page not Found" errors on their Web browsers. However, entering the numeric IP address of the Web site in question would connect the user to the page.
Comcast technicians began working on the DNS problem immediately after identifying it Thursday evening and restored service to the company's customers by 12:00 a.m. ET Friday, Russo said.
The DNS is a global network of computers that translates requests for reader-friendly Web domains, such as www.computerworld.com, into the numeric IP (Internet Protocol) addresses that machines on the Internet use to communicate.
The recent attacks on DNS servers use a strategy called "DNS cache poisoning," in which malicious hackers use a DNS server they control to feed erroneous information to other DNS servers. The attacks take advantage of a vulnerable feature of DNS that allows any DNS server that receives a request about the IP address of a Web domain to return information about the address of other Web domains.
Online criminal groups and malicious hackers have used DNS cache poisoning recently in pharming scams, which are similar to phishing identity theft attacks but don't require a "lure," such as a Web link that victims must click on to be taken to the attack Web site. Instead, corrupted DNS servers forward Internet users who are looking for legitimate Web pages, such as Google.com, to Web pages controlled by the attackers, which harvest personal information such as user names and passwords from the victims, or install Trojan horse programs or other malicious code, according to the Anti-Phishing Working Group.
The attacks have been increasing in recent months, as Internet users become more savvy about traditional phishing scams and online criminal groups look for new ways to collect sensitive information or financial data from victims, the Anti-Phishing Working Group said.
In March, a rogue DNS server posed as the authoritative DNS server for the entire .com Web domain. Other DNS servers that were poisoned with this false information redirected all .com requests to the rogue server, which responded to all .com requests with one of two IP addresses controlled by the attackers.
An earlier attack in March targeted vulnerable products from Symantec (Profile, Products, Articles) Corp. and other companies to redirect requests from more than 900 unique Internet addresses and more than 75,000 e-mail messages, according to log data obtained from compromised Web servers that were used in the attacks, the Internet Storm Center said.
In recent days, a spate of such attacks prompted the Internet Storm Center to issue a code "Yellow" alert, signifying increasing threats on the Internet, and prompted Microsoft (Profile, Products, Articles) Corp. to issue revised instructions for configuring Windows machines used as DNS servers to prevent cache poisoning.
Company says outage unrelated to a spate of pharming attacks
By Paul Roberts, IDG News Service
April 08, 2005
Problems with the DNS (domain name system) servers at ISP (Internet service provider) Comcast Corp. prevented customers around the U.S. from surfing the Web Thursday, but the company said the interruptions were not linked in any way to a spate of recent DNS attacks known as "pharming" scams.
Comcast technicians noticed problems with the company's DNS servers at around 6:30 p.m. Eastern Time on Thursday. The problems interrupted DNS service to Comcast high-speed Internet customers across the U.S. just hours after The SANS Institute's Internet Storm Center advised ISPs to make sure their DNS servers were not vulnerable to a new spate of attacks. However, the outage was not caused by those attacks or by maintenance related to the attacks, according to company spokeswoman Jeanne Russo.
During the outage, Comcast customers who attempted to connect to Web sites such as Google (Profile, Products, Articles).com received frequent "Page not Found" errors on their Web browsers. However, entering the numeric IP address of the Web site in question would connect the user to the page.
Comcast technicians began working on the DNS problem immediately after identifying it Thursday evening and restored service to the company's customers by 12:00 a.m. ET Friday, Russo said.
The DNS is a global network of computers that translates requests for reader-friendly Web domains, such as www.computerworld.com, into the numeric IP (Internet Protocol) addresses that machines on the Internet use to communicate.
The recent attacks on DNS servers use a strategy called "DNS cache poisoning," in which malicious hackers use a DNS server they control to feed erroneous information to other DNS servers. The attacks take advantage of a vulnerable feature of DNS that allows any DNS server that receives a request about the IP address of a Web domain to return information about the address of other Web domains.
Online criminal groups and malicious hackers have used DNS cache poisoning recently in pharming scams, which are similar to phishing identity theft attacks but don't require a "lure," such as a Web link that victims must click on to be taken to the attack Web site. Instead, corrupted DNS servers forward Internet users who are looking for legitimate Web pages, such as Google.com, to Web pages controlled by the attackers, which harvest personal information such as user names and passwords from the victims, or install Trojan horse programs or other malicious code, according to the Anti-Phishing Working Group.
The attacks have been increasing in recent months, as Internet users become more savvy about traditional phishing scams and online criminal groups look for new ways to collect sensitive information or financial data from victims, the Anti-Phishing Working Group said.
In March, a rogue DNS server posed as the authoritative DNS server for the entire .com Web domain. Other DNS servers that were poisoned with this false information redirected all .com requests to the rogue server, which responded to all .com requests with one of two IP addresses controlled by the attackers.
An earlier attack in March targeted vulnerable products from Symantec (Profile, Products, Articles) Corp. and other companies to redirect requests from more than 900 unique Internet addresses and more than 75,000 e-mail messages, according to log data obtained from compromised Web servers that were used in the attacks, the Internet Storm Center said.
In recent days, a spate of such attacks prompted the Internet Storm Center to issue a code "Yellow" alert, signifying increasing threats on the Internet, and prompted Microsoft (Profile, Products, Articles) Corp. to issue revised instructions for configuring Windows machines used as DNS servers to prevent cache poisoning.
#9
Skibum
- Skibumus Lazium Extremum
-
- Group: Admin
- Posts: 7,199
- Joined: --
- Gender:Male
- Location:Canton, Connecticut
- Interests:Waterskiing, Snowskiing, Home Automation, VOIP, Astronomy,
Posted 09 April 2005 - 09:25 AM
QUOTE
For those technical users here is a very condensed report:
The issue started to occur at about 16:30 MST, and lasted until 22:30MST.
The first DNS complexes failed. Traffic from this server was routed to the secondary DNS complexes. which later also failed. From this point the Load Balancer's for the two DNS complexes failed. At about 22:30 or so MST, the systems were restored. Since then they are being monitored and changes are being made to the setup as for this not to happen again. Comcast won't risk having this happen multiple times as it affected several customers to say the least.
I hope this answers any of your technical questions, unfortunately there's nothing more that can be said about the issue other then it's resolved and fail safes have and are being put into place.
The issue started to occur at about 16:30 MST, and lasted until 22:30MST.
The first DNS complexes failed. Traffic from this server was routed to the secondary DNS complexes. which later also failed. From this point the Load Balancer's for the two DNS complexes failed. At about 22:30 or so MST, the systems were restored. Since then they are being monitored and changes are being made to the setup as for this not to happen again. Comcast won't risk having this happen multiple times as it affected several customers to say the least.
I hope this answers any of your technical questions, unfortunately there's nothing more that can be said about the issue other then it's resolved and fail safes have and are being put into place.
#10
justonemore
- Been here forever
-
- Group: Beta Tester
- Posts: 1,632
- Joined: --
- Gender:Male
- Location:Hamilton, NJ
- Interests:computers, motorcycles, gardening, family, home brewing,
Posted 09 April 2005 - 10:20 AM
How Nice!
I don't need no stinkin' signature
Share this topic:
Page 1 of 1
- You cannot start a new topic
- Add Reply