Does anyone know how to send a question to AT&T about the security of their DNS? The support pages don't seem to cover that area.
There is a current issue with their DNS servers that appears make them vulnerable to the DNS Cache Poisoning (see http://www.doxpara.com/ ). According to this site, AT&T's DNS servers have not been patched. This means you could surf to www.citibank.com and be directed to phony phishing site.
I was just wondering what the offical AT&T position is. Until I know for sure this is covered, I won't feel safe logging onto any financial sites. If we can't trust DNS, then we can't trust anything we see 
.
mphouston wrote:Does anyone know how to send a question to AT&T about the security of their DNS? The support pages don't seem to cover that area.
There is a current issue with their DNS servers that appears make them vulnerable to the DNS Cache Poisoning (see http://www.doxpara.com/ ). According to this site, AT&T's DNS servers have not been patched. This means you could surf to www.citibank.com and be directed to phony phishing site.
I was just wondering what the offical AT&T position is. Until I know for sure this is covered, I won't feel safe logging onto any financial sites. If we can't trust DNS, then we can't trust anything we see
old news its been patched ...
u cannot get to that page ne more
there were certain areas exposed without password protection but those have been changed..
u will find older threads about this back a few months now...
randy
Are you talking about flaw in the 2Wire RG? The one I saw from January 2008:
MAJOR SECURITY FLAW IN ATT/2WIRE RG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I am not worried about that flaw since it was closed.
I am talking about flaws in AT&T's internal DNS servers that we all rely on. Not the boxes in our homes 
.
According to the doxpara site, AT&T's servers are still unpatched. (There is a nice link on that site that lets you test if your DNS servers are still vulnerable. Not sure how it tests it). The flaw was discovered around July 24 and accidentally made public before the DNS servers were patched. Right now, about 50% of the DNS servers are vulnerable.
I normally don't worry about most vulnerabilities, but this one caught my eye since you don't have to go to shady sites, download trojans or any other unsafe practices. Just using DNS and getting unlucky is all it seems to take.
Thanks for the suggestion. I checked again today and the DNS server (66.73.20.52) seems to be safe according to www.doxpara.com. Of course, that is not the DNS server listed in the 2wire setup (68.94.156.1). Both are listed as AT&T in Richardson, so I feel Ok now.
I did notice that the DNS server it tests with my office VPN is different (naturally). It is listed as possibly vulnerable. According to whois, it is a Bellsouth IP, so maybe not all of AT&T is patched yet. BTW, my original tests over the weeked were without the VPN.
I am still going to be a little paranoid, but now I can probably use my online banking again .
(Thanks for the suggestion on OpenDNS. I couldn't easily use it on my laptop since I bounce between networks and depend on DHCP to reconfigure things. The 2wire RG does not seem to let me override the DNS server for the whole local net like my older router gateways did).
