DNS Cache Poisoning


Post by arfamow on Sat Dec 19, 2009 7:31 pm

Can you explain what DNS cache poisoning means, please?
I was running Security Check and at the end of the report it mentioned something about the DNS being poisoned.
Regards
Arthur


Re: DNS Cache Poisoning

Post by Dr Jay on Sun Dec 20, 2009 2:42 am

DNS cache poisoning is when the DNS cache is corrupted by malware.

Usually a DNS server gets malicious data, then caches (saves) it for future use.

So, a domain name server (DNS) translates domain names into IP addresses. If the DNS cache is poisoned, it will return an incorrect IP address, which will redirect to another computer.


Re: DNS Cache Poisoning

Post by arfamow on Sun Dec 20, 2009 12:27 pm

Thanks Dragonmaster Jay for your prompt reply.
Can you suggest a way to get rid of whatever is poisoning the cache?

I am constantly running Malwarebytes, Spybot and Avast but nothing is being picked up that seems malicious. Also, I don't seem to be having a problem with the internet.


Re: DNS Cache Poisoning

Post by Dr Jay on Sun Dec 20, 2009 2:54 pm

Download my tool and it will get rid of it.

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Re: DNS Cache Poisoning

Post by arfamow on Sun Dec 20, 2009 4:30 pm

Thanks again Dragonmaster Jay. That program of yours is a fantastic piece of software and the instructions were very easy to follow. I think that everything is now OK. Below is the log file you asked for.

Merry Christmas and a prosperous New Year to yourself and everyone at Geekpolice

Thank You!

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.0.6000]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : Art-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tiscali.co.uk

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : tiscali.co.uk
Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-19-DB-A2-C4-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fdd0:432b:8b55:28b4%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 20 December 2009 12:11:32
Lease Expires . . . . . . . . . . : 21 December 2009 13:58:50
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333211
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:d5c7:a2d6:2c83:3f79:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c83:3f79:3f57:fefd%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AA3CE809-57F2-4E64-A7F0-F1B691B3445F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Connection-specific DNS Suffix . : tiscali.co.uk
Description . . . . . . . . . . . : isatap.tiscali.co.uk
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.2%26(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful
The requested operation requires elevation.



(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))


Pinging yahoo.com [209.131.36.159] with 32 bytes of data:



Reply from 209.131.36.159: bytes=32 time=186ms TTL=55

Reply from 209.131.36.159: bytes=32 time=193ms TTL=55

Reply from 209.131.36.159: bytes=32 time=186ms TTL=55

Reply from 209.131.36.159: bytes=32 time=186ms TTL=55



Ping statistics for 209.131.36.159:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 186ms, Maximum = 193ms, Average = 187ms



Pinging geekpolice.net [64.202.189.170] with 32 bytes of data:



Reply from 64.202.189.170: bytes=32 time=187ms TTL=113

Reply from 64.202.189.170: bytes=32 time=190ms TTL=113

Reply from 64.202.189.170: bytes=32 time=190ms TTL=113

Reply from 64.202.189.170: bytes=32 time=190ms TTL=113



Ping statistics for 64.202.189.170:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 187ms, Maximum = 190ms, Average = 189ms



Pinging facebook.com [69.63.187.17] with 32 bytes of data:



Reply from 69.63.187.17: bytes=32 time=114ms TTL=245

Reply from 69.63.187.17: bytes=32 time=115ms TTL=245

Reply from 69.63.187.17: bytes=32 time=115ms TTL=245

Reply from 69.63.187.17: bytes=32 time=114ms TTL=245



Ping statistics for 69.63.187.17:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 114ms, Maximum = 115ms, Average = 114ms



Pinging microsoft.com [207.46.232.182] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 207.46.232.182:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF


Re: DNS Cache Poisoning

Post by Dr Jay on Sun Dec 20, 2009 7:04 pm

Please re-download RenewMyDNS; then, to run it, right-click it and click Run as Administrator.


Re: DNS Cache Poisoning

Post by arfamow on Mon Dec 21, 2009 4:07 pm

Hi Dragonmaster Jay, sorry about the first report, I missed out the bit about "run as administrator". It took me a bit to find it but it should be OK now.
I have also run another security check by Screen 317 and at the bottom it says "great !(not vulnerable to DNS cache poisoning)".
Thanks once again.

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.0.6000]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : Art-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tiscali.co.uk

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : tiscali.co.uk
Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-19-DB-A2-C4-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fdd0:432b:8b55:28b4%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21 December 2009 14:42:25
Lease Expires . . . . . . . . . . : 22 December 2009 14:42:25
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333211
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73bc:486:3b75:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::486:3b75:3f57:fefd%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AA3CE809-57F2-4E64-A7F0-F1B691B3445F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BBEC215-ED26-4575-B61A-6B63322CFEB6}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Connection-specific DNS Suffix . : tiscali.co.uk
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.2%26(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))


Pinging yahoo.com [209.191.93.53] with 32 bytes of data:



Reply from 209.191.93.53: bytes=32 time=172ms TTL=50

Reply from 209.191.93.53: bytes=32 time=171ms TTL=50

Reply from 209.191.93.53: bytes=32 time=170ms TTL=50

Reply from 209.191.93.53: bytes=32 time=169ms TTL=50



Ping statistics for 209.191.93.53:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 169ms, Maximum = 172ms, Average = 170ms



Pinging geekpolice.net [64.202.189.170] with 32 bytes of data:



Reply from 64.202.189.170: bytes=32 time=191ms TTL=113

Reply from 64.202.189.170: bytes=32 time=199ms TTL=113

Reply from 64.202.189.170: bytes=32 time=190ms TTL=113

Reply from 64.202.189.170: bytes=32 time=190ms TTL=113



Ping statistics for 64.202.189.170:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 190ms, Maximum = 199ms, Average = 192ms



Pinging facebook.com [69.63.181.12] with 32 bytes of data:



Reply from 69.63.181.12: bytes=32 time=180ms TTL=243

Reply from 69.63.181.12: bytes=32 time=181ms TTL=243

Reply from 69.63.181.12: bytes=32 time=182ms TTL=243

Reply from 69.63.181.12: bytes=32 time=181ms TTL=243



Ping statistics for 69.63.181.12:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 180ms, Maximum = 182ms, Average = 181ms



Pinging microsoft.com [207.46.197.32] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 207.46.197.32:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF


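A way to read logs like the two posted above mechanically, as an added example that is not part of the original thread or of RenewMyDNS: it checks whether the cache flush actually ran, lists names answered with a non-public address, and lists names whose address changed between runs. The function names are hypothetical, the sample logs are constructed and abridged from the shape of the posted ones, and `bank.example` with its private address is invented.

```python
import ipaddress
import re

# Constructed, abridged logs in the shape RenewMyDNS produced in this thread.
# bank.example and its private address are invented for the demonstration.
LOG_FIRST = """\
... Requests made were successful
The requested operation requires elevation.
Pinging yahoo.com [209.131.36.159] with 32 bytes of data:
Pinging geekpolice.net [64.202.189.170] with 32 bytes of data:
"""
LOG_SECOND = """\
... Requests made were successful
Successfully flushed the DNS Resolver Cache.
Pinging yahoo.com [209.191.93.53] with 32 bytes of data:
Pinging geekpolice.net [64.202.189.170] with 32 bytes of data:
Pinging bank.example [192.168.1.50] with 32 bytes of data:
"""

PING_RE = re.compile(r"^Pinging (\S+) \[([^\]]+)\]", re.MULTILINE)

def flush_status(log):
    """Report whether the resolver cache flush in the log actually ran."""
    if "Successfully flushed the DNS Resolver Cache" in log:
        return "flushed"
    if "requires elevation" in log:
        return "needs-elevation"  # tool was not run as Administrator
    return "unknown"

def resolved(log):
    """Map each pinged name to the address the resolver returned."""
    out = {}
    for name, addr in PING_RE.findall(log):
        out[name.lower()] = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    return out

def non_public_answers(log):
    """Names answered with a private, loopback or otherwise non-global address.
    Expected for intranet names; worth a second look for public sites."""
    return sorted(n for n, ip in resolved(log).items() if not ip.is_global)

def changed_answers(before, after):
    """Names whose address differs between two runs. Large sites rotate
    addresses, so this is a prompt to compare, not proof of poisoning."""
    a, b = resolved(before), resolved(after)
    return sorted(n for n in a.keys() & b.keys() if a[n] != b[n])

if __name__ == "__main__":
    print("first run flush :", flush_status(LOG_FIRST))
    print("second run flush:", flush_status(LOG_SECOND))
    print("non-public      :", non_public_answers(LOG_SECOND))
    print("changed         :", changed_answers(LOG_FIRST, LOG_SECOND))
```
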

Re: DNS Cache Poisoning

Post by Dr Jay on Mon Dec 21, 2009 9:10 pm

Looks good to me.
