Symantec Firewall DNS caching exploited

Breaking news… it appears that Symantec firewalls with DNS caching enabled have been exploited and are being used in a DNS cache poisoning scheme to redirect users to malicious sites where their machines are being exploited with ActiveX-containing toolbars. My suggestions:

  1. Disable DNS caching
  2. Replace the Symantec firewall if possible
  3. Stop using IE.

Details, sketchy as they are, at: http://isc.sans.org/diary.php?date=2005-03-04

No comments yet.

Leave a Reply

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.