Slashdot Mirror


Attack Code Published For DNS Vulnerability

get_Rootin writes "That didn't take long. ZDNet is reporting that HD Moore has released exploit code for Dan Kaminsky's DNS cache poisoning vulnerability into the point-and-click Metasploit attack tool. From the article: 'This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache.' Here's our previous Slashdot coverage."

3 of 205 comments

  1. Re:DNS Glue poisoning was already known... by Anonymous Coward · Score: 5, Insightful

    Congratulations, you confused the mods. Bailiwick checking was added to all DNS resolvers in response to glue poisoning and made cache poisoning through spoofed glue records very difficult. The current problem is that the typical filter rules are insufficient for stopping a glue poisoning attack which appears to come from the authoritative server: Kaminsky found a way around the glue poisoning countermeasure. This means that a very dangerous kind of attack which was thought to be defeated is now possible again.
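As an added illustration of the bailiwick check the comment above refers to (example code written for this page, not from Slashdot, ZDNet or Metasploit): a resolver that asked an authoritative server about a name under some zone only caches additional-section ("glue") records whose owner names lie inside that zone, which is what stopped the classic glue-poisoning trick. The record layout, zone name and sample records below are constructed; note that a check like this is satisfied by in-bailiwick forgeries, which is exactly the gap the comment says Kaminsky's variant exploits.

```python
from typing import List, Tuple

# A record is modelled as (owner name, type, rdata); constructed simplification,
# not the DNS wire format.
Record = Tuple[str, str, str]


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or a subdomain of it.

    Comparison is case-insensitive and ignores the trailing dot. The separator
    dot is part of the suffix test so that 'notexample.com' is NOT treated as
    being inside 'example.com' (a naive endswith() would accept it).
    """
    n = name.rstrip(".").lower()
    z = zone.rstrip(".").lower()
    return n == z or n.endswith("." + z)


def filter_additional(zone: str, additional: List[Record]) -> List[Record]:
    """Return only the additional-section records a resolver may cache."""
    return [rr for rr in additional if in_bailiwick(rr[0], zone)]


# Constructed sample: the resolver queried a name under example.com and the
# response carried three additional A records.
SAMPLE_ZONE = "example.com."
SAMPLE_ADDITIONAL: List[Record] = [
    ("ns1.example.com.", "A", "192.0.2.10"),      # in-bailiwick: cached
    ("www.bank.example.", "A", "198.51.100.7"),   # classic glue poisoning: dropped
    ("notexample.com.", "A", "203.0.113.5"),      # lookalike suffix: dropped
]

if __name__ == "__main__":
    for rr in filter_additional(SAMPLE_ZONE, SAMPLE_ADDITIONAL):
        print("cache:", rr)
```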

  2. Re:Here we go... by Anonymous Coward · Score: 5, Insightful

    Yes, there was. Before there was bailiwick filtering, spoofing was even easier. Back in the days, DNS servers would even accept "responses" with bogus data out of the blue. We've come a long way and we don't stop here. A patch of bad weather is ahead, but the sky is not falling.

  3. Re:Here we go... by Anonymous Coward · Score: 4, Insightful

    This attack vector has been around for /years/. Just look at the list of affected systems. Some friends and I had stumbled on this a few years ago (yes, and the fact that you can insert yourself as an authoritative nameserver for that domain), but we figured it was so obvious that it didn't need to be announced. That coupled with the fact that phishing wasn't really as popular back then. But now that the cat is out of the bag, as it were, you definitely want to patch your machines if they have not been. This is mostly dangerous to people who use nameservers of large ISPs (which admittedly is a large portion of the internet userbase).

    I guess this is just a wake-up call that if you find such large flaws in network systems that could possibly affect millions, if not billions, of users, you should try to get the word out and get the products fixed beforehand.