Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attack Code Published For DNS Vulnerability

Posted by samzenpus on from the protect-ya-neck dept.

get_Rootin writes "That didn't take long. ZDNet is reporting that HD Moore has released exploit code for Dan Kaminsky's DNS cache poisioning vulnerability into the point-and-click Metasploit attack tool. From the article: 'This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache.' Here's our previous Slashdot coverage."

2 of 205 comments (clear)

  1. Re:See if you're vulnerable by maXXwell · · Score: 5, Informative

    The DNS OARC (http://dns-oarc.net) has an improved version:

    http://entropy.dns-oarc.net/test/

  2. Use OpenDNS if your ISP is vulnerable by duplicate-nickname · · Score: 5, Informative

    I used one of the tests below and found that my ISP's DNS servers were vulnerable. Now I am using the OpenDNS servers on all of my clients instead:

    208.67.222.222
    208.67.220.220

    Their servers are not vulnerable, and you can create an account to enable things like antiphishing at the DNS level (much better idea then a browser plug-in).

    If you find that your ISP's routers are vulnerable, your best bet is switch to OpenDNS...or just run your own caching server.

    --

    ÕÕ