DNS Hack Attempted Against This Blog

Posted by JD 05/22/2011 at 13:00

Today I was notified by my DNS provider that someone had requested the password be reset. They sent the reset link in the email on file and told me the IP address of the requester – in this case it was from Taipei, Taiwan 112. Good thing the DNS guys have a correct email address for me, huh? I suspect they hacked the ISP email address which I haven’t used in about … 10 years. Sometimes you get lucky. DNS – Domain Name Service is the telephone book of the internet. Learn more about DNS from Wikipedia.

  • I won’t be resetting that password anytime soon. It is fairly long and random.
  • I will be blocking all access to this blog from that ISP, however.

Subnet Blocked

Sorry to the other folks sharing that ISP, but I already block lots of subnets from all over the world (mostly from China, but other countries too – bad behavior gets blocked). It simply isn’t worth allowing potential crackers access to the blog. The funny thing is that nobody from that subnet has visited my blog anytime this month. Makes me wonder why anyone would want to steal the DNS? Nobody is typing passwords into this site after all. There isn’t anything here, except what is already published.

OTOH, some folks from BlueCoat.com have visited here recently. I wonder why? They know what their products provide for governments and companies better than I do. That’s certain. Hint: Transparent SSL Proxy. Great if you are trying to limit corporate liability, but terrible if you are a freedom fighter or normal person using the internet under a bad regime.

DNS Is Critical

DNS is used whenever you access any domain name, jdpfu.com, for example. It is also used by SSL certificates for validation. If you want to use SSL/HTTPS on the Internet, then you are completely dependent on DNS. If they can intercept or redirect DNS for a single domain, then they can own all the users of that website or domain. If they can change the DNS used on any computer or device, then they can own every website, email server, ftp server, gopher server, IM server – basically any server that the user accesses, whether SSL is used or not.

Scary.

Even if they just proxy the connection to the real server, all the data coming from or going to that server will be seen. DNS is critical to almost all internet security. The only time that SSL does not depend on DNS is when private keys are used. You may be directed to the wrong server, but the keys won’t match, so you will get an error. However, most users that see this error just click through to access the website anyway, which is really, really bad.
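As an added example (not from the original post), a small Python check that parses a raw DNS answer and flags A records that differ from what the zone owner published, which is the redirect described above. The sample packets, the expected address for jdpfu.com and the rogue address are all constructed for the demonstration.

```python
import ipaddress
import struct

EXPECTED_A = {"jdpfu.com": {"203.0.113.10"}}  # constructed: what the zone owner published

def _read_name(msg, off):
    """Decode a DNS name at msg[off], following RFC 1035 compression pointers."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer into an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            labels.append(_read_name(msg, ptr)[0])
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def a_records(msg):
    """Map owner name -> set of IPv4 strings for the A records in a DNS response."""
    qdcount, ancount = struct.unpack("!HHHHHH", msg[:12])[2:4]
    off = 12
    for _ in range(qdcount):  # skip the question section (name + QTYPE + QCLASS)
        _, off = _read_name(msg, off)
        off += 4
    found = {}
    for _ in range(ancount):
        name, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            found.setdefault(name, set()).add(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return found

def check_resolution(msg, expected=EXPECTED_A):
    """Return [(name, [unexpected IPs])] where the answer differs from the published records."""
    diffs = {n: sorted(ips - expected.get(n, set())) for n, ips in a_records(msg).items()}
    return [(n, rogue) for n, rogue in diffs.items() if rogue]

def build_response(qname, ips, txid=0x1234):
    """Construct a minimal DNS response packet (test input only, nothing from the wire)."""
    def enc(name):
        return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)  # 1 question, N answers
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                       + ipaddress.IPv4Address(ip).packed for ip in ips)
    return header + enc(qname) + struct.pack("!HH", 1, 1) + answers
```

Feeding it answers captured from the resolver a machine actually uses, and comparing against the records you hold at the registrar, is one way to notice the redirect before users do.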

VPN servers commonly use unpublished SSL keys, so the public and private keys are only known to the client(s) and server(s) directly involved. Those can’t easily be hacked by DNS methods, but the client can be prevented from connecting to the correct server. That’s a form of denial of service. Well, it seems I may need to reset my ISP password. I’ll have to ponder that a little. It isn’t a big deal to change the password. That password is different from all other passwords used anywhere else. OTOH, I haven’t seen anything funny in emails, so changing it could jeopardize it if my proxy server or routers have been compromised.

What Other Steps Should I Take, if any?

Am I missing something important that needs to be checked? Please let me know in the comments.