Author Topic: What's happened to OpenDNS?  (Read 1615 times)

0 Members and 1 Guest are viewing this topic.

Offline Foxpup

  • Hero Member
  • Species: Cyborg Fox
  • *****
  • Male
  • Posts: 1182
What's happened to OpenDNS?
« on: September 01, 2011, 01:01:15 am »
Is it just me, or has OpenDNS suddenly started returning 67.215.65.130 for every single domain? This seems to have just started happening sometime today. This obviously isn't a simple server failure, there's definitely something weird going on here. Anyone know what's happened?
“Hmm... They have the Internet on computers now.” - Homer Simpson

“Art doesn't work without pain. Art exists for compensating pain.” - Till Lindemann

“There's a fine line between sayings that make sense.” - Too Much Coffee Man

Offline Hoagiebot

  • Sr. Member
  • Species: Thinking Machines Corporation CM-5/1056
  • Analyzing MLP w/ 135-GFLOPS of raw computing power
  • ****
  • Male
  • Posts: 437
    • Project Destiny Studios
Re: What's happened to OpenDNS?
« Reply #1 on: September 01, 2011, 07:16:14 am »
As of the time of my writing this, I have not seen or heard anything about this.  Sorry.  I don't happen to use OpenDNS personally, so this issue didn't effect me.  However, I do usually keep an eye on all of the daily IT security news stories, and while I have seen headlines about an attack against Google using a forged Google SSL certificate, an attack against the Mozilla add-ons site once again using a forged SSL certificate, a "devastating" bug discovered that leaves the Apache web server open to DoS attacks, etc., I have not seen anything specifically about OpenDNS.  However, it was noted in one of the articles that I read that a list of 247 SSL certificates issued by the company DigiNotar was recently blacklisted in the Chrome, Internet Explorer, and Firefox browsers because it was found that DigiNotar was the company behind the issuing of the compromised SSL certificates used in the recent attacks against Gmail, Google Docs, other Google services, and addons.mozilla.org.

According to one article that I read:

Quote
The breach of DigiNotar gave the attackers the digital credentials needed to host spoofs of virtually any Google property that were almost indistinguishable to people using networks controlled by the hackers. The fraudulent certificate showed it was issued on July 10, but it came to light only on Monday. Google hasn't said how long the counterfeit certificate was actively being used in the wild.

This is just speculation on my part, but since these recent forged SSL certificate attacks seem to have targeted multiple heavy-traffic web services such as GMail, the Mozilla add-ons site, Yahoo!, the Tor Project, WordPress, and Baladin, possibly OpenDNS was yet another company that was effected by all of the compromised certs and they just silently fixed the problem and not reported it?  *shrugs*  Hopefully some news about what actually happened to OpenDNS will come out soon.  I would be interested to learn what really happened.
« Last Edit: September 01, 2011, 07:21:32 am by Hoagiebot »

Offline Foxpup

  • Hero Member
  • Species: Cyborg Fox
  • *****
  • Male
  • Posts: 1182
Re: What's happened to OpenDNS?
« Reply #2 on: September 02, 2011, 12:51:22 am »
Problem seems to be fixed now. Also, I don't see how the DigiNotar incident would have anything to with it, since (as far as I know) DNS doesn't use SSL (which is kinda scary when you think about it).
“Hmm... They have the Internet on computers now.” - Homer Simpson

“Art doesn't work without pain. Art exists for compensating pain.” - Till Lindemann

“There's a fine line between sayings that make sense.” - Too Much Coffee Man

Offline Hoagiebot

  • Sr. Member
  • Species: Thinking Machines Corporation CM-5/1056
  • Analyzing MLP w/ 135-GFLOPS of raw computing power
  • ****
  • Male
  • Posts: 437
    • Project Destiny Studios
Re: What's happened to OpenDNS?
« Reply #3 on: September 02, 2011, 07:57:33 am »
Also, I don't see how the DigiNotar incident would have anything to with it, since (as far as I know) DNS doesn't use SSL (which is kinda scary when you think about it).

Of course DNS doesn't use SSL.  However, the opendns.com website does have a web-based account dashboard for registered users that requires a username and password to login.  You can see it here: https://www.opendns.com/auth/?return_to=http%3A%2F%2Fwww.opendns.com%2Fdashboard%2F.  Often websites use SSL to protect your login credentials, and that could have been targeted with a forged certificate in order to collect account usernames and passwords, or other nasty stuff like that, which could have lead to larger system compromises later with the stolen credentials.  So even though the Domain Name System doesn't use SSL, the OpenDNS website still could for its web dashboards.  As I mentioned in my last post I don't use the OpenDNS service and was merely speculating.  I don't know what the heck happened to them.