News & Information for Technology Purchasers
NewsFactor Network Sites:   NewsFactor.com Security CRM Business Sci-Tech Newsletters XML/RSS Feed  
   
Home Enterprise I.T. Hardware Software Communications More Topics...
Network Security
Average Rating:
Rate this article:  
DNS Exploit Means Quick Patches Are Critical DNS Exploit Means Quick Patches Are Critical
By Jennifer LeClaire
July 25, 2008 2:26PM

    Bookmark and Share
IOActive's Dan Kaminsky discovered a flaw in the Internet's Domain Name System (DNS) software, and with the attack code leaked by developers of the Metasploit hacking toolkit, security experts are saying that everything that uses DNS -- from desktop PCs to mainframes -- needs to be patched immediately, or network security is at risk.
 

Related Topics

DNS
Network Security
Software Patch
Hacker
McAfee

Latest News

Google Buzz Connects Gmail Users
Intel Launches Itanium 9300 Series
iPhone OS, Android Gain in Q4
Nvidia Auto-Switches Notebook GPU
Macworld Focuses on Mobile Apps


Researchers have released software that exploits the recently leaked flaw in the Internet's Domain Name System (DNS) software. That may mean IT admins are in for a long weekend of implementing and testing the patch.

IOActive researcher Dan Kaminsky discovered the bug earlier this month. The attack code was released Wednesday by developers Relevant Products/Services of the Metasploit hacking toolkit, headed by the infamous HD Moore.

By exploiting this vulnerability, an attacker can redirect an ISP's users to a malicious phishing server Relevant Products/Services every time they try to visit a legitimate Web site. The patches released through various vendors should protect from the threat, but it may be a rush for some.

Understanding the Root of the Threat

The threat emerges from two different issues with the DNS protocol, according to McAfee Avert Labs. DNS primarily uses UDP packets to send questions and receive answers. The client will accept any packet as an answer to its question on three conditions: the packet is coming from the DNS server, the source and destination ports match the destination and source ports of the question packet and, most importantly, the transaction ID and question match its question.

"An attacker can spoof such an answer packet as long as he can pretend to be the DNS server and also guess the source port and transaction ID (the destination port is usually 53)," said Ravi Balupari, a security researcher at McAfee Avert Labs. "The attacker also needs to make sure his spoofed answer packet reaches the client before the actual answer packet from the legitimate DNS server."

Complicating matters, when a DNS server replies to a question, it can also include additional information in the answer to make future processes more efficient. Combining the answer packet spoof with the additional information makes the story more interesting because it makes exploitation easier.

In reality, Balupari said, a large number of attempts are required to guess the source port and the transaction ID of a DNS question before the victim's PC receives a legitimate answer from the DNS server. But other attacker strategies can help shorten the guesswork.

"If an attacker is successful in predicting the source port and transaction ID, and also inserts the additional information into the spoofed answer packet with the DNS servers pointing to the IP of his evil DNS server, he can control the traffic directed for bob.com domain," Balupari said. (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Your Comment:

Also Visit:


Advertisement


 Network Security
1.   China Cyberattacks: Pervasive Threat
2.   Patch Tuesday Will Tie MS Record
3.   Cybersecurity Appears Hot for 2010
4.   EPIC Objects To Google-NSA Ties
5.   Torrent Traps Used To Harvest Logins


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

CRM Systems

  Experience CRM—and Business—Success today with Salesforce.com.

Data Storage

  AT&T Synaptic Storage as a Service. Learn more.

Enterprise Hardware

  Trade in your old printer and save up to $400.
  Find out why now is the best time to buy a new APC Smart-UPS!
  HP ProLiant G6 Servers. Perform like a superstar, Save like an accountant.

Enterprise I.T.

  Tell us what you think. Take a survey.
  AT&T Synaptic Storage as a Service. Learn more.
  Find out why now is the best time to buy a new APC Smart-UPS!
  Stand out from other IS Professionals and increase your earning potential.

Enterprise Software

  Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2.

Microsoft/Windows

  Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2.

Enterprise Hardware Spotlight
Nvidia Auto-Switches Notebook GPU To Save Battery Life
Nvidia has taken the wraps off a notebook technology that chooses the best graphics processor for any given application and automatically routes the workload to Nvidia or Intel processors.
 
Microsoft Says Battery Woes Not Caused By Windows 7
Battery problems on Windows 7 machines are not caused by the operating system. That's the position of Stephen Sinofsky, head of the Windows division, in a long posting on the Windows engineering blog.
 
IBM's New POWER7 Servers Save Energy with Big Loads
IBM has unveiled high-capacity servers that are the first to be based on its new, multi-core POWER7 chip. It said the new line is designed "to manage the most demanding emerging applications."
 

Enterprise Technology Spotlight
Intel Launches Quad-Core Itanium 9300 Series Processor
After two unexpected delays, Intel has launched the Itanium 9300 series, a 64-bit, quad-core processor code-named Tukwila that is expected to double the performance of its predecessor.
 
Google May Add Facebook, Twitter Links to Gmail
Google will reportedly roll more social-networking features into Gmail, the fastest-growing e-mail service. The new features could save users the trouble of switching to Facebook or Twitter.
 
IBM's New POWER7 Servers Save Energy with Big Loads
IBM has unveiled high-capacity servers that are the first to be based on its new, multi-core POWER7 chip. It said the new line is designed "to manage the most demanding emerging applications."
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Hardware | Software | Communications | Network Security | Wireless Tech | Linux/Open Source
Apple/Macintosh | Microsoft/Windows | World Wide Web | Data Storage | E-Commerce | Personal Tech | Tech Trends | Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | Free Whitepapers | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2010 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo.