DNS Server Critical Design Flaw Leaves DNS Servers Open to Attack
By ryan | July 24, 2008
Dan Kaminsky, director of penetration testing for security firm IOActive, found a critical flaw in Domain Name Servers while doing non-security research over 6 months ago. Most corporate DNS servers have already been patched, but this just shows how a new design implementation needs to be enacted to prevent things like this from happpening.
The vulnerability is called a DNS cache poisoning attack. As from the US-CERT website:
DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. The general concept has been known for some time, and a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning have previously been identified and described in public literature. Examples of these vulnerabilities can be found in Vulnerability Note VU#800113.
Recent research into these and other related vulnerabilities has produced extremely effective exploitation methods to achieve cache poisoning. Tools and techniques have been developed that can reliably poison a domain of the attacker’s choosing on most current implementations. As a result, the consensus of DNS software implementers is to implement source port randomization in their resolvers as a mitigation.
US-CERT is tracking this issue as VU#800113. This reference number corresponds to CVE-2008-1447.
More details of the Story can be found below:
http://www.securityfocus.com/news/11526/2
http://isc.sans.org/diary.html?storyid=4765&rss
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
Topics: DNS, Internet, Network Maintenance, Security, Vulnerability | No Comments »