By BoLOBOOLNE payday loans

How to protect yourself from DNS hacks

A couple weeks ago, Dan Kaminsky found a flaw in DNS.  Without getting into details, this flaw enables a malicious attacker to fool your web browser into connecting to the wrong computer to get your web pages.  So when you type www.facebook.com into your browser, you might actually go to Joe Hacker’s site, even though your browser says http://www.facebook.com/ in its address bar just like it should.

Dan, being a "good guy", tried to keep the details of this hack quiet for long enough for network operators to patch their systems and close the loophole.  He wanted everybody running a DNS server to do this before the "bad guys" figured out what the bug is and started to take advantage of it.  He was hoping for 30 days of time to prepare, but somebody spilled the beans after 13 days, and now the hackers are off and running.

It’s a jungle out there

You might be asking, So what? What are the dangers of being directed to the wrong website?  Of course, you could read incorrect news and that’s not great.  More likely you’re going to have your password stolen for whatever site you log into.

The obvious attacks are to sites like paypal or banks, but they’re actually safe from such attacks if you use your browser properly.  Any financial site will use a secure connection.  You can tell because of the https:// at the beginning of their address.  These sites use a digital certificate that your browser checks to verify their authenticity.  All this happens independently of the DNS system.

But you can still connect to a hacked site with https.  Your browser will probably warn you saying something about a certificate not matching.  More often than not these errors occur because of a lazy sysadmin or something.  But right now, I strongly advise you to take all HTTPS warnings seriously.

Protect yourself

If you want to be sure you’re safe, manually connect your machine to OpenDNS, as Dan recommends.  We know they’re patched and can take the traffic.  I’ll give you the steps to do this on Windows:

1. Start menu
2. Control Panel
3. Network connections  (might have to switch to "classic view")
4. Select the one you’re actually using.  It’s likely called "local area connection".
5. Click Properties on the status dialog
6. Scroll down in the list of checkboxes, and select "Internet Protocl (TCP/IP)" so that it’s highlighted.  (Leave it checked!)
7. Click Properties
8. In the first General tab, change the second radio-button from "Obtain DNS server address automatically" to "Use the following DNS server addresses:"
9. For Preferred DNS server, enter: 208.67.222.222
10. For Alternate DNS server, enter: 208.67.220.220

That’s mostly it, but to be safe, you should reboot, restart your browsers, and/or:

11. (Windows key+R).  In the dialog type  "ipconfig /flushdns" (without the quotes) and hit okay.

  1. Ian MacDuff says:

    I think the OpenDNS IP addresses should start with 208, not 206.

  1. There are no trackbacks for this post yet.