6200networks.com

by Joe Harris, CCIE# 6200

Today is Saturday, November 22nd, 2008

About the Author

Joe Harris, CCIE No. 6200 (R&S, Security & SP) is a Systems Engineer with Cisco Systems® specializing in Security. In addition to authoring Cisco Network Security Little Black Book, Joe has also been a technical reviewer for several Cisco Press publications and written articles, white papers, and presentations on various security technologies. He also assists various Certification Partners by beta testing their newest CCIE certification workbooks and has been recognized by Cisco as an SE Wall of Fame award winner.

See All Posts by This Author

Service Interruption

July 24th, 2008 • Related • Filed Under

Ok so you may have noticed that my site was not available over the last day or so (not sure just how long) and in fact it may still be inaccessible depending on your provider. I had no idea this even happened as I am out on vacation this week with my family and I may have not known for a while longer had a colleague of mine not notified me of the issue. So just what was the issue? Was the site hacked? Well not exactly….what happened exactly was that my hosting provider was vulnerable to the whole global DNS cache poisoning vulnerability discovered by Dan Kaminsky causing my site to be redirected to another location. While on vacation I opened a ticket with my provider, explaining the hack to them (I read the Intellishield Alert regarding the issue) and they promptly took the correct measures to rectify the problem. I apologize for any inconveniences this has caused you and hope that the we don’t have any further RPE’s…(Resume Producing Events) ….

Btw, if you haven’t patched your systems please do so now. You can get further information regarding Cisco devices affected by DNS poisoning here: Cisco PSIRT or by scrolling down to the PSIRT section of my site on the right-hand side of the page and clicking the first link.

To get a complete list of affected products as well as patch locations please see the Intellishield Alert for further details: Intellishield Alert 16183 as you can see from what happened to my site, this is issue should not be overlooked.

There Are 2 Responses So Far. »

Comment by Nikolay Shopik on 24 July 2008:

Welcome back online!
And this is one of proof concept to inject some malware to users computer!
Comment by Binh on 24 July 2008:

Another recommendation for folks out there is to use opendns as DNS servers for now. More details can be found at http://www.opendns.com/.
Just because you are able to get to the proper sites now doesn’t mean that your provider’s DNS servers are NOT vulnerable/patched.

Joe,
Glad that I was browsing through ur site yesterday. Just tried to increase my chance to win your monthly drawing here!

–Binh