What are you guys doing to prevent DNS poisoning attacks?
I got hit the other night around midnight. The first night I lost DNS. My network was down all night.
I thought I was doing enough by only allowing my network devices to access only ISP DNS servers. It stopped my network devices from accessing bad web pages and getting loaded up with bad code so my network was kind of off line because there was no valid DNS server available. I was drinking so I waited till the next day. All devices are pointed to my router so it is the focus point for DNS. I was able to ping outside on the internet but DNS was not working. That means I had to rebuild my router as something happened to my DNS. I flashed it twice and then setup the router again from scratch. This time I tightened up security a little more. I locked remote access down to a very small local network. I blocked all IPv6 traffic. I again locked my DNS access to only 2 DNS servers. All other DNS server will fail. I got hit the next night around midnight again. The network stopped for about 10 to 20 minutes. Then they went away this time so I am thinking I faired better. I did not need to rebuild the router this time.
Once your PC accesses a bad web page from DNS poisoning it needs to be rebuilt from scratch because there is no way to tell what was loaded on the PC.
I got hit the other night around midnight. The first night I lost DNS. My network was down all night.
I thought I was doing enough by only allowing my network devices to access only ISP DNS servers. It stopped my network devices from accessing bad web pages and getting loaded up with bad code so my network was kind of off line because there was no valid DNS server available. I was drinking so I waited till the next day. All devices are pointed to my router so it is the focus point for DNS. I was able to ping outside on the internet but DNS was not working. That means I had to rebuild my router as something happened to my DNS. I flashed it twice and then setup the router again from scratch. This time I tightened up security a little more. I locked remote access down to a very small local network. I blocked all IPv6 traffic. I again locked my DNS access to only 2 DNS servers. All other DNS server will fail. I got hit the next night around midnight again. The network stopped for about 10 to 20 minutes. Then they went away this time so I am thinking I faired better. I did not need to rebuild the router this time.
Once your PC accesses a bad web page from DNS poisoning it needs to be rebuilt from scratch because there is no way to tell what was loaded on the PC.