So I thought I'd test the nameservers of some of the UK mobile operators to see how secure their DNS is and whether steps are in place to stop hackers injecting fake DNS records into the cache, this could be for bad / viral sites etc.
The results of the networks I can test are:
O2 - Excellent
3 - Excellent
T-mobile - Very bad
So this means that if you are on T-mobile / Virgin you are vulnerable to DNS spoofing and the ISP could serve up a page which is different to the one you wanted, potentially with exploits or viruses.
Anybody that wants to test their own ISPs nameservers against this attack can do so here
This also confirms to us that although T-mobile and 3 share cell sites and cell broadcast, that the back end networks are very different.
It was Dan Kaminsky a security researcher that found that this exploit was possible back in 2008 and warned sys admins to update their DNS security. I find it very surprising that T-mobile are vulnerable to this, looking at the pattern it looks to me like you could predict the source port and attempt to poison the cache.
The results of the networks I can test are:
O2 - Excellent
3 - Excellent
T-mobile - Very bad
So this means that if you are on T-mobile / Virgin you are vulnerable to DNS spoofing and the ISP could serve up a page which is different to the one you wanted, potentially with exploits or viruses.
Anybody that wants to test their own ISPs nameservers against this attack can do so here
This also confirms to us that although T-mobile and 3 share cell sites and cell broadcast, that the back end networks are very different.
It was Dan Kaminsky a security researcher that found that this exploit was possible back in 2008 and warned sys admins to update their DNS security. I find it very surprising that T-mobile are vulnerable to this, looking at the pattern it looks to me like you could predict the source port and attempt to poison the cache.
