A newly found flaw in the Domain Name System may leave millions of people vulnerable to poison DNS attacks. But there's a free, easy way to make yourself invulnerable, and it'll take you all of about 30 seconds.
The DNS flaw allows hackers to poison the cache of DNS servers, replacing legitimate Internet addresses with spoofed destinations. So if you type in the name of your bank, or another Web site, for example, you could be instead routed to a spoofed site without your knowledge.
The big ISPs are rushing to patch their DNS servers. Some, such as Comcast and Verizon, say they've already done so. AT&T is still trying to fix theirs.
But plenty of other places may be vulnerable. Not all businesses, for example, have patched theirs. And when you're out at a hot spot, you have no idea whether the DNS servers they point to have been patched.
So how can you protect yourself? Simple. Use the free OpenDNS service, instead of your default DNS server. The service has been patched and is safe. Use the free service, and you'll be set. The service has plenty of other benefits, as you can see in this article.
To use the OpenDNS servers, you configure your computer to use them. In Windows XP, select Control Panel --> Network and Internet Connections --> Network Connections, right-click your network connection from the Network Connections window, and select Properties. A dialog box like that shown below appears.
Scroll to the Internet Protocol (TCP/IP) listing and select Properties. At the bottom of the screen select "Use the following DNS server addresses". For the Preferred DNS server, enter this address: 126.96.36.199. For the Alternative DNS server, enter this address: 188.8.131.52. The figure below shows the screen filled out properly. Click OK, and then click Close and Close again. Restart your PC in order for the settings to take effect.
Vista users should select Control Panel --> Network and Internet --> Network and Sharing Center. Click the View status link on the right side of the screen. The Local Connection Status screen appears, as shown in the figure below. Click Properties.
You'll come to the same dialog box for XP that lets you use the OpenDNS servers. Follow the same directions as for using OpenDNS on XP, and you'll be set.
Doing this, of course, only protects each individual PC. If you've got a home router, you can configure it to tell every PC on the network to use OpenDNS. For details, check out this article.
If you run a corporate network and need help getting OpenDNS set up, your best bet is to go to the OpenDNS FAQ page.
Like this blog? Subscribe to the RSS feed!
Seth Weintraub: Protect your Mac against poisoned DNS servers