Originally posted by LordGoofus
Hmmm I have tried to find more information about this and I always end up back at a forum on CNet, it seems this is where this "exploit" first appeared. Strange that for such a seemingly dangerous exploit, the only sources I've been able to find that give information about it are on public forums...
At the moment I'd have to say this "Med Network" is a hoax. DNS Poisoning is nothing new, but if this exploit was so serious, there would be reports on reputable news / tech sites, not just comments on public forums.
Originally posted by Notme
Just found this web page, I will quote cause Google is the only way to view the page as cached, the real site now says access forbidden
Google DNS Search
Originally posted by Whiskey Jack
I wonder if anyone has checked the hosts file on affected computers. Heck, I've got an old box sitting at home that I'd test it on if someone figures out the vector.
In the default configuration, Microsoft DNS server will accept bogus glue records from non-delegated servers. These bogus records will be added to the cache when a client attempts to resolve a particular hostname served by a malicious or incorrectly configured DNS server. The client can be coerced to request such a hostname as a result of an otherwise non-malicious piece of HTML email (such as spam) or in banner advertisements on websites, to give some examples.
Based on information contained in reports of this activity, there are sites actively engaged in this deceptive DNS resolution. These reports indicate that malicious DNS servers are providing bogus glue records for the generic top-level domain servers (gtld-servers.net) potentially resulting in erroneous results (e.g., failed resolution or redirection) for any DNS request
NERaptor has the explanation it sounds like. DNS Cache poisoning looks to be a likely culprit, but since it is pretty localized, it could not be a root DNS server. It must be an ISP's DNS server. Here is a quick test: If your machine exhibits the problem, change your DNS settings so that it points to a DNS server that your ISP does not host.
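The bogus-glue behaviour quoted above comes down to a missing bailiwick check on the additional section of a DNS response. The sketch below is an added example, not code from any poster or from the quoted advisory; the function names, the `ads.example` zone and the addresses are constructed for illustration.

```python
def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it (compared label by label)."""
    n = name.lower().rstrip(".").split(".")
    z = [label for label in zone.lower().rstrip(".").split(".") if label]
    # An empty zone label list means the root zone, which contains every name.
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def filter_glue(queried_zone, authority, additional):
    """Split additional-section A records into (accepted, rejected).

    queried_zone: zone the responding server was asked about
    authority:    list of (owner, ns_target) NS records from the authority section
    additional:   list of (name, address) A records offered as glue
    """
    # Only NS records for names inside the queried zone may introduce glue.
    ns_targets = {
        target.lower().rstrip(".")
        for owner, target in authority
        if in_bailiwick(owner, queried_zone)
    }
    accepted, rejected = [], []
    for name, addr in additional:
        key = name.lower().rstrip(".")
        # Glue must belong to an accepted NS target and sit inside the bailiwick.
        if key in ns_targets and in_bailiwick(key, queried_zone):
            accepted.append((name, addr))
        else:
            rejected.append((name, addr))
    return accepted, rejected


# Constructed response from a server queried for ads.example that also tries
# to supply an address for a gtld-servers.net name (documentation IP ranges).
SAMPLE_AUTHORITY = [
    ("ads.example.", "ns1.ads.example."),
    ("net.", "a.gtld-servers.net."),
]
SAMPLE_ADDITIONAL = [
    ("ns1.ads.example.", "192.0.2.53"),
    ("a.gtld-servers.net.", "203.0.113.66"),
]

if __name__ == "__main__":
    ok, bad = filter_glue("ads.example", SAMPLE_AUTHORITY, SAMPLE_ADDITIONAL)
    print("cache:  ", ok)
    print("discard:", bad)
```

A server that caches everything in `SAMPLE_ADDITIONAL` without this check would store the second record, which is the situation the quoted text describes.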
Originally posted by Banshee
This is NOT caused by software or viruses on someone's computer.
Those programs will not fix this problem.
This is a potential vulnerability with how the internet itself is built. A program to fix that does not exist.
In addition, ad-blocking software will not do anything about the image hijack involved with this. Any image, including avatars or boring old graphics, can be replaced with the Med Network ad.
[edit on 14-12-2004 by Banshee]
I've had a chance to study some systems that were being corrupted by this problem. I have determined a number of known issues/sources and have a few speculative guesses as to how the corruption occurs.
First, the issue definitely corrupts DNS servers...
Originally posted by just_a_pilot
The goofy hack that wrote this has created quite a cleanup problem. It seems as though when your PC sends out a request that you type into the browser as www.ats.com it actually sends a request for www.nameyourplace.com and you never know it and blame the ISP.