[OT] Re: dns poisoning?

[Iago Rubio]

On Thu, 2005-03-10 at 11:08 +0900, Joel wrote:
> Sorry for the cross-post.

It's off topic here. It's the fedora development list, not the redhat
support list.

It even could be off topic for the redhat support crew, and you should
contact your ISP reporting possible attacks on their DNS servers.

Only if you know the redhat DNSs have been taken down - hijacked - you
should contact redhat - not the fedora's development list.

> I just tried to access bugzilla.redhat.com on a MSWxp box (Firefox) and
> got a certificate dialog. (You know, "This certificate does not appear
> to be valid. Etc." which is really poor wording, anyway.)

There are more words in the firefox certificate dialog.

> I panicked and cancelled (good) 

Bad, no need for panic, and you lost what had happened. Even while
anyone was able to drive a man-in-the-middle attack, I'll not eat your
box just for reading the certificate or going to the spoofed page.

To "panic and unplug" is one of the worst things you can do when an
attack is in place. You will get clueless about what had happen.

> without looking at the certificate first
> (bad). 

Agree.

> Shut down Firefox. Went to my FC box and tried from there. Access
> completed as it has in the past, redirecting me successfully to https
> without any certificate dialog. So I tried again from the MSWxp box and
> this time there was no certificate dialog. It connected me via ssl the
> way it usually does.
> 
> There was a lot of news yesterday about dns poisoning.

If both boxes used the same DNS server, both boxes should have been
fooled.

Frankly, I don't see a reason for anyone to spend the effort of driving
a man-in-the-middle attack on bugzilla.

To harvest a bugzilla password ? Sounds weird, uh ?

> Anyone else seen something like this?

Unfortunately you don't know what had happened so it's quite difficult
to say if anyone seen ... what ?

I'll be better for the next time to try to pick all information you can
to identify the problem.
-- 
Iago Rubio