Posts tagged ‘open dns’

Open DNS and DNS Poisoning/A Solution

Surprisingly enough, PC World has come up with a solution to DNS poisoning:  USE OPEN DNS.  Heck, I even said so; there was even a post where I intimated the relative intelligence, unfortunately, of not using Open DNS.  If you use a router (my older Belkin, with three computers, two different operating systems–two out-of-the-box and one made-to-spec locally (a mistake)–etc. wasn’t going to accept it without a whole system tweak), try to set up your router with it, although it isn’t all-important.  The more randomization of your address and path you use, the better.  I’ve even gone back to an actual hidden mode, which I haven’t done since the first days of the public internet.  If you have essential information, back it up offline.  Briefly what I mean by that is one of two things, with the latter possibly the more reasonable; either write it on a disk (CD/DVD) or else write it to something like a USB hard drive and only use said external drive for backups.

 

And there is absolutely no certain cure except hard copy or ROM discs.  That is the “white line” mechanism that I’ve discussed, and actually doesn’t apply to any kind of electromagnetic reading except to something like Notepad++ where it’s a character-only transition, with no exec’s (*.exe files) able to cross the line.  The discussion of solutions is becoming very high level.  The military solution in the 70s in a barely similar situation was to use a mutual one-time code at both ends, essentially a “book code”.  The problem here is, someone else may have the dam’ book.  Okay.  I couldn’t find it on two pages of Google.  I have a book, you do–seems like this may have been touched on in Da Vinci Code.  I reference page, line, and word (by whatever system; remember you can also count characters); you take my references (ideally alphanumeric, with obscuring characters, designed to obfuscate the nature of the code) to an identical copy of the book it is…and reconstruct what I’m saying.  I’m nearly certain EAP (no, my friends of online shorthand, I won’t decode that) referenced it in a cryptographic study in one of his shorts (quoth the raven).

 

A one-time is a shared book used to encode/decode one message and then destroyed, and is close to fool-proof depending on distribution of the book and the method.  What I mean is that your data can be read and decrypted in real time almost without doubt.  Bear in mind that a book code must use words not letters, although phonetic transliteration might barely be possible.  True randomization is not possible with state of the art, although I believe the model could be constructed on primes; I am not going that way.  I’m 55 in a couple of months, and I don’t have time to study that too.
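The page/line/word scheme described above, as an added example that is not part of the original post: a small Python book code over a constructed two-page "book". The sample text, the function names and the rule of never reusing a position within a message are assumptions of the example; it also shows what happens when the two copies of the book are not identical.

```python
import re

# Constructed sample "book": a list of pages, each a list of lines.
BOOK = [
    ["meet me at the old bridge", "when the river runs low"],
    ["bring the money and the map", "leave before noon tomorrow"],
]
# A different "edition": one extra word on page 1, line 1.
OTHER_EDITION = [["meet me tonight at the old bridge", BOOK[0][1]], BOOK[1]]

def words_of(line):
    return re.findall(r"[a-z']+", line.lower())

def build_index(book):
    """Map each word to its (page, line, word) positions, all 1-based."""
    index = {}
    for p, page in enumerate(book, 1):
        for l, line in enumerate(page, 1):
            for w, word in enumerate(words_of(line), 1):
                index.setdefault(word, []).append((p, l, w))
    return index

def encode(message, book):
    """Replace each word with an unused reference into the book."""
    index, used, refs = build_index(book), set(), []
    for word in words_of(message):
        free = [pos for pos in index.get(word, []) if pos not in used]
        if not free:  # a book code can only say what the book contains
            raise ValueError(f"no unused reference for {word!r}")
        used.add(free[0])
        refs.append(free[0])
    return refs

def decode(refs, book):
    """Look each reference up in the receiver's copy of the book."""
    out = []
    for p, l, w in refs:
        if min(p, l, w) < 1:
            raise ValueError(f"bad reference {p}.{l}.{w}")
        try:
            out.append(words_of(book[p - 1][l - 1])[w - 1])
        except IndexError:
            raise ValueError(f"reference {p}.{l}.{w} not in this copy") from None
    return " ".join(out)

if __name__ == "__main__":
    refs = encode("leave the money at the bridge", BOOK)
    print(refs)
    print(decode(refs, BOOK))           # identical copy
    print(decode(refs, OTHER_EDITION))  # mismatched copy garbles silently
```

A receiver holding a different edition gets no error, only the wrong words, which is why the scheme depends on both ends holding an identical copy.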

 

Hopefully I’ve scared and confused the stubborn ones.  The easiest solution (not foolproof, but it takes you from bright orange to camouflage) is Open DNS.  It’s easy to use for one IP address (you don’t have to use it on your home router).  It will help protect you from phishing–going to your bank, for instance, and entering in information…only it wasn’t actually your bank.

–Glenn

P.S.  I deployed Open DNS a couple of years ago, as I recall…

August 14, 2008 at 6:41 am

Avoid DNS Poisoning: USE Open DNS

I’m going to go into the DNS thing in a bit more detail later, probably.  DNS is a Domain Name Server.  As I recall–being senile, I’m probably wrong [I’m not]–you had to type in the whole thing, http[s]:/ etc. and at least sometimes actual IPs.  If you go to Open DNS you’ll see an example.  You don’t have to set up your router, if you have one.  The internet actually “sees” your router as one IP address.  This is an added layer of (trusted) protection named at the Black Hat Conference.  That’s not fedoras, it’s hackers.  So I hear, never having known how to program.  Here’s one of Erik Larkin’s comments on lines of protection: “5. Your fix-it options: Apply the patch for your particular DNS server.  Or switch to a protected service like Open DNS where you use their servers.”  [If you don’t use a router, then your Internet Service Provider is the source of your servers…which pretty much means you actually just use their servers.  Nor have any of the providers been particularly speedy or adept at applying any fixes.  That may–not that I sympathize in the least–have been because the management felt overwhelmed and unable to dedicate enough tech support time.  If I were daring, I’d say it was actually mainly because they didn’t give a damn, but I believe in, well, everything.  It’s why I’m so cheerful.  Note that I linked to Erik’s article twice, because it’s nearly a must-read for anyone who uses the internet, especially for businesses.  It’s serious, and it’s a simple fix.

–Glenn

August 12, 2008 at 1:39 pm

example of a dns attack…

Against the creator of one of the attack vectors (a program actually using one of the weaknesses, I mean).  Most ISPs still don’t have things patched, according to a recent report.

–Glenn

August 2, 2008 at 8:24 am

Lack of Posts Today and Yesterday

I’ve been fighting with performance-related issues.  My actual usual choice for posting is an offline document of some sort, and I can see that’s what it will return to.  What prevented me on this return to the blogging venue was the ease of using the WordPress link mechanism.  Part of my problem with performance was Open DNS and Threatfire.  The other and bigger part of it, I’m becoming convinced, is some kind of fairly widespread change through sites.  Probably it’s a security issue and requires more pings, from the looks of it, although that’s merely a guess.  As is, I think I’m also falling asleep.

–Glenn

July 22, 2008 at 6:08 pm

Open DNS

It works.  It’s here and read every scrap of documentation carefully.  The problem I started having was that it was knocking my (broadband) connection down all too regularly.  Threatfire goes next if this doesn’t solve it.  Of course, all I actually did was uninstall the local software, so this could get quite a bit more complicated.

–Glenn

July 19, 2008 at 9:14 pm