DNS Exploit Means Quick Patches Are Critical
By Jennifer LeClaire
July 25, 2008 2:26PM

IOActive's Dan Kaminsky discovered a flaw in the Internet's Domain Name System (DNS) software, and with the attack code leaked by developers of the Metasploit hacking toolkit, security experts are saying that everything that uses DNS -- from desktop PCs to mainframes -- needs to be patched immediately, or network security is at risk.
 


Researchers have released software that exploits the recently leaked flaw in the Internet's Domain Name System (DNS) software. That may mean IT admins are in for a long weekend of implementing and testing the patch.

IOActive researcher Dan Kaminsky discovered the bug earlier this month. The attack code was released Wednesday by developers of the Metasploit hacking toolkit, headed by the infamous HD Moore.

By exploiting this vulnerability, an attacker can redirect an ISP's users to a malicious phishing server every time they try to visit a legitimate Web site. The patches released through various vendors should protect from the threat, but it may be a rush for some.

Understanding the Root of the Threat

The threat emerges from two different issues with the DNS protocol, according to McAfee Avert Labs. DNS primarily uses UDP packets to send questions and receive answers. The client will accept any packet as an answer to its question on three conditions: the packet is coming from the DNS server, the source and destination ports match the destination and source ports of the question packet and, most importantly, the transaction ID and question match its question.
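
The acceptance conditions described above can be written out as a resolver-side check. This is an added example, not code from the article or from any DNS implementation; the function names, the reason strings and the sample datagrams (documentation address ranges, made-up ports and IDs) are assumptions, and the pending query is assumed to be a single A/IN question.

```python
import struct

def build_reply(txid, name):
    """Constructed sample: response header (QR set) echoing one A/IN question."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def parse_reply(payload):
    """Return (txid, qname, qtype, qclass) from a raw DNS response."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if not flags & 0x8000 or qdcount != 1:
        raise ValueError("not a response carrying exactly one question")
    labels, pos = [], 12          # the question starts after the 12-byte header
    while payload[pos] != 0:
        n = payload[pos]
        if n > 63:
            raise ValueError("compression pointer not valid in a question")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return txid, ".".join(labels), qtype, qclass

def check_reply(pending, src_ip, src_port, dst_port, payload):
    """Return 'accept', or the first acceptance condition the datagram fails."""
    if (src_ip, src_port) != (pending["server_ip"], 53):
        return "wrong-source"     # must come from the server that was asked
    if dst_port != pending["local_port"]:
        return "wrong-port"       # must arrive on the port the question left from
    try:
        txid, qname, qtype, qclass = parse_reply(payload)
    except (ValueError, IndexError, struct.error):
        return "not-a-valid-response"
    if txid != pending["txid"]:
        return "wrong-txid"       # transaction ID must echo the question's
    if (qname, qtype, qclass) != (pending["qname"].lower(), 1, 1):
        return "wrong-question"   # question section must echo what was asked
    return "accept"

# Constructed sample data: one outstanding query and six incoming datagrams.
PENDING = {"server_ip": "192.0.2.53", "local_port": 40000, "txid": 0x1A2B, "qname": "bob.com"}
SAMPLE = [
    ("192.0.2.53", 53, 40000, build_reply(0x1A2B, "bob.com")),      # genuine answer
    ("203.0.113.9", 53, 40000, build_reply(0x1A2B, "bob.com")),     # not the server
    ("192.0.2.53", 53, 40001, build_reply(0x1A2B, "bob.com")),      # wrong local port
    ("192.0.2.53", 53, 40000, build_reply(0x0001, "bob.com")),      # wrong transaction ID
    ("192.0.2.53", 53, 40000, build_reply(0x1A2B, "example.com")),  # wrong question
    ("192.0.2.53", 53, 40000, b"\x1a\x2b\x81"),                     # truncated datagram
]
RESULTS = [check_reply(PENDING, *d) for d in SAMPLE]
```

The source address in a UDP datagram is only a claim made by the sender, so the first check cannot by itself tell a spoofed packet from a real one; in practice the unpredictability of the local port and transaction ID is what a forged reply has to overcome.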

"An attacker can spoof such an answer packet as long as he can pretend to be the DNS server and also guess the source port and transaction ID (the destination port is usually 53)," said Ravi Balupari, a security researcher at McAfee Avert Labs. "The attacker also needs to make sure his spoofed answer packet reaches the client before the actual answer packet from the legitimate DNS server."

Complicating matters, when a DNS server replies to a question, it can also include additional information in the answer to make future processes more efficient. Combining the answer packet spoof with the additional information makes the story more interesting because it makes exploitation easier.

In reality, Balupari said, a large number of attempts are required to guess the source port and the transaction ID of a DNS question before the victim's PC receives a legitimate answer from the DNS server. But other attacker strategies can help shorten the guesswork.

"If an attacker is successful in predicting the source port and transaction ID, and also inserts the additional information into the spoofed answer packet with the DNS servers pointing to the IP of his evil DNS server, he can control the traffic directed for bob.com domain," Balupari said.
