Author Topic: DNS poisoning  (Read 6168 times)

Offline tanathka

  • Administrator
  • Newbie
  • *****
  • Posts: 4
    • CM Photography
DNS poisoning
« on: October 22, 2011, 05:13:51 PM »
I've noted that several members have been the recipients of poisoned DNS, i.e. trying to get to the forum and getting some completely random site.

This is an example of DNS poisoning and works because DNS servers have a time to live for their settings, allowing hackers and viruses/Trojans to inject false addresses into the upstream DNS servers.
It takes time for the correct data to filter downstream to individual computers, usually 24 - 48 hours.
To speed this process up you can issue the following command from the command line.

ipconfig /flushdns

It won't make a difference if the upstream DNS is still incorrect though.
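
The behaviour described in the post above, as an added example that is not part of the original post: a small Python model of a local cache in front of an upstream resolver cache, showing when flushing the local cache changes the answer and when it does not. The host name, addresses and TTL values are constructed for illustration.

```python
# Constructed model: local DNS cache -> upstream resolver cache -> authoritative data.
# NAME, GOOD, BAD and every TTL below are made-up sample values.
GOOD, BAD = "192.0.2.10", "203.0.113.66"   # documentation-range addresses
NAME = "forum.example"


class Cache:
    """Name -> (address, absolute expiry time) cache that honours TTLs."""

    def __init__(self, source):
        self.source = source          # callable(name, now) -> (address, ttl_seconds)
        self.entries = {}

    def resolve(self, name, now):
        hit = self.entries.get(name)
        if hit and hit[1] > now:
            return hit[0], hit[1] - now      # cached answer, remaining TTL
        addr, ttl = self.source(name, now)   # miss or expired: ask the next tier
        self.entries[name] = (addr, now + ttl)
        return addr, ttl

    def flush(self):
        self.entries.clear()


def authoritative(name, now):
    return GOOD, 3600                        # the correct record


def simulate():
    upstream = Cache(authoritative)
    local = Cache(upstream.resolve)
    # Poisoning is modelled only as a false record already held upstream for 24 h.
    upstream.entries[NAME] = (BAD, 86400)
    seen = {}
    seen["first_visit"] = local.resolve(NAME, 0)[0]
    local.flush()                            # local flush, like ipconfig /flushdns
    seen["flush_while_upstream_wrong"] = local.resolve(NAME, 60)[0]
    upstream.flush()                         # upstream operator corrects the cache
    seen["upstream_fixed_no_flush"] = local.resolve(NAME, 120)[0]
    local.flush()
    seen["upstream_fixed_then_flush"] = local.resolve(NAME, 120)[0]
    return seen


if __name__ == "__main__":
    for step, addr in simulate().items():
        print(f"{step:28} {addr}")
```

The local flush only changes the answer once the upstream cache holds the correct record; before that, the local cache is simply refilled with the same false address.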

Online ideasguy

  • Administrator
  • Hero Member
  • *****
  • Posts: 6329
  • Just me
    • Ideas for Gardens
Re: DNS poisoning
« Reply #1 on: October 22, 2011, 07:16:51 PM »
I've done that to test it out James, many thanks for that.
Here's some more reading on the subject:
http://en.wikipedia.org/wiki/DNS_cache_poisoning

Here's a screenshot to help members find where to enter that command in your posting:
http://www.flowergenie.co.uk/images/startrun.gif

To introduce what this does, here's a layman's description of cached pages.
When you visit a website, browsers make a copy of web pages visited and save them on your computer, referred to as caching.
If at some time you revisit the web site, the browser looks for the copy it made (the cached page) and displays that, rather than going to the website and downloading the page again.
This presents many problems. If the web site administrator makes a change to the website, you don't get the change. Instead you get a copy of the page as it used to be (from your own computer) - now out of date.
In my case, I post program updates on a web page. A user who visits the product support web site regularly might not see the latest web page status with up-to-date listing of updates (they see the cached page from their last visit).

To be sure you are viewing the latest posting, you should refresh the web page.
Here's how. To view the latest state of a web page, you view the web page as normal, then you should click View (a tab on your browser's menu) then Refresh (IE browser) or click View then Reload in Mozilla Firefox.

As you explained to me on the phone James, the command above clears your cached pages.
When you revisit a web site you visited earlier, it forces the lazy browser to go to the website and download the requested page and display that, rather than retrieve a copy of the web page which it cached previously.

Thus, if you have seen a "Reported attack page" when you clicked on a link to visit a website which you know is genuine, and get a suspicious web address instead, then you should run the command as advised by James to clear the cache (the region containing all your cached pages). If not immediately (see James's explanation of time to live) you will at some stage get the proper website.
« Last Edit: October 22, 2011, 09:20:02 PM by ideasguy »

Offline Eric Hardy

  • Hero Member
  • *****
  • Posts: 1313
  • Anthea & Eric, The Chilterns, Buckinghamshire UK
Re: DNS poisoning
« Reply #2 on: October 22, 2011, 09:42:25 PM »
Thanks for all the advice, it does make my poor old brain spin though  :)

What was interesting is that the attack page warning appeared first when I clicked on the link in the email which indicated a posting. In Firefox the posting appears on a new tab so the original Ideas Genie forum was still open on another tab. I right clicked on the Ideas Genie tab and instructed it to "Reload Tab". To my surprise this Attack Page warning appeared there too.

Everything has settled down now and the Attack Page warning has not appeared since. Just now I took James' advice and ran ipconfig /flushdns. (Thanks for the instructive diagram, George)

Online ideasguy

  • Administrator
  • Hero Member
  • *****
  • Posts: 6329
  • Just me
    • Ideas for Gardens
Re: DNS poisoning
« Reply #3 on: October 22, 2011, 09:46:32 PM »
I'm relieved the Attack message has gone Eric - hopefully permanently.