Code46 1 Posted ... Hey all, The recent network solutions hijack got me wondering about VPN connections in such a circumstance. I would assume the DNS exploits would still "work" against a client whose traffic was inside a tunnel because you STILL need to resolve IPs, right? DNS being basically a big trust relationship this seems like a real problem to me. If my question makes sense, can someone explain or point to sources regarding protecting against such exploits if it is possible? Thanks 1 Staff reacted to this Quote Share this post Link to post
Staff 9973 Posted ... Hey all, The recent network solutions hijack got me wondering about VPN connections in such a circumstance. I would assume the DNS exploits would still "work" against a client whose traffic was inside a tunnel because you STILL need to resolve IPs, right? DNS being basically a big trust relationship this seems like a real problem to me. If my question makes sense, can someone explain or point to sources regarding protecting against such exploits if it is possible? Thanks Hello, background for the readers: http://blogs.cisco.com/security/hijacking-of-dns-records-from-network-solutions/ You are wrong in searching for a solution on your side or on VPN side. We mean that maybe you're looking at the problem from an incorrect point of view. The exploit (if we can call it exploit... technically it might be incorrect to name it so) works by obtaining unauthorized access to the DNS authoritative nameservers, or by fraudulent practices by the operators of the nameservers themselves against their own customers! About the case you cite, please see also here:http://en.wikipedia.org/wiki/Network_Solutions#Controversy_over_subdomain_hijacking We also strongly recommend that you read this:http://en.wikipedia.org/wiki/Network_Solutions#Controversy_over_domain_name_front_running Thank you for having brought into attention this important topic. We're moving the thread to "General & Suggestions", everyone interested in registering domain names should be aware of the aforementioned practices and should avoid searching for domain names availability from Network Solutions systems. Kind regards Quote Share this post Link to post