Slashdot Mirror


"DNS Forgery Pharming" Attack Against BIND 9

Monley writes "Help Net Security is running a story about a severe flaw in BIND's implementation that allows fraudsters to efficiently predict generated random numbers without the need to control the route between the user and the DNS server. (Here are HTML and PDF versions of the paper.) Using this vulnerability, fraudsters can remotely forge DNS responses and direct users to fraudulent websites, which can steal the user's sign-in credentials and do other mischief. The flaw was discovered by security researcher and Trusteer's CTO, Amit Klein." The ISC has released a patch to BIND 9.

2 of 105 comments

  1. Re:New by e9th · Score: 3, Informative
    This weakness of BIND has been griped about for TEN YEARS!

    http://www.openbsd.org/advisories/res_random.txt
    http://cr.yp.to/djbdns/forgery-cost.txt

  2. Re:Complexity breeds problems. by Kreggan · Score: 3, Informative

    Frankly, yes. The basic concepts of a DNS server are fairly straightforward, but as demonstrated by this attack, the devil is in the details. This attack uses reasonably advanced cryptanalysis, and exploits the predictable behaviour of DNS clients. I suspect that this attack would also have been mitigated by the use of DNSSEC, but the roll-out of that has been held up for years - and DNSSEC itself introduces even more cryptographic complexity.