| | | RssFeeds
 
Get NetworkComputing Connect Search   Search Search
 
NWC Print
Aug 2008
Beyond Headlines
Buzzcut
Editorial
Cover Story
On the Record
Inshort
In-Depth
Down to Business
Techmall
Last Mile
Archieve
 

Security Community Cooperates to Fix 'DNS Poisoning'


Armed with knowledge of DNS transaction IDs, an attacker could reroute requests for certain Web sites to Web sites of his or her choosing or hijack e-mail.

 By Thomas Claburn, InformationWeek, July 10 2008, 1200 hrs

US-CERT, the government's cyber security arm, on Tuesday warned of a serious weakness in the Domain Name System (DNS) protocol that could be used to send Internet users to malicious sites.



In an unusual move that reflects the seriousness of the security flaw, news of the vulnerability was delayed for months to allow software vendors like Microsoft, Cisco, and Sun -- more than 80 are affected -- to release coordinated fixes.


As part of its monthly patch schedule, Microsoft on Tuesday fixed the DNS flaw in Windows with patch MS08-037, "Vulnerabilities in DNS Could Allow Spoofing."


Amol Sarwate, manager of vulnerability labs at Qualys, considers the vulnerability to be significant. "I wouldn't characterize it as an end of the world scenario but it is a very important vulnerability," he said.


While details about the vulnerability and how to exploit it have been deliberately withheld, Sarwate said that the issue appears to be that the transaction ID generated in a DNS request -- querying a DNS server to link an IP address with an Internet domain name -- is insufficiently random to avoid being guessed by a knowledgeable attacker.


Armed with knowledge of DNS transaction IDs, an attacker could reroute requests for certain Web sites to Web sites of his or her choosing or hijack e-mail. The technique is called DNS poisoning.


US-CERT says that "per-query source port randomization" can mitigate the risk posed by the vulnerability.


"The effect of the vulnerability, if it was ever exploited, is enormous," explained Jeff Kalwerisky, chief security evangelist of Alpha Software. "Someone who exploited the vulnerability would be able to reroute every single transaction in your computer."


"The good news is that for the average user on the desktop, if you've got automated patching on Windows, you've got the patch already," said Kalwerisky. "The hard part is a large corporation with multiple DNS servers and routers and switchers."


Kalwerisky advises patching as soon as possible.


Dan Kaminsky of IO Active, the researcher who discovered the flaw, has posted an online vulnerability checker at doxpara.com. And if checking one's site can be done so easily, expect cyber criminals to scout the Net for vulnerable machines just as soon as they figure out how the flaw can be exploited.


Kalwerisky said that the way the vulnerability has been handled shows the security community can work together effectively. "Dan has proved the utter value of independent secure researchers," he said "Security should not be locked up in Microsoft or other software houses."


Kaminsky is scheduled to disclose details about the vulnerability at the Black Hat Conference in Las Vegas on August 6th.
Print this Page   E-mail this Page
RATE THIS ARTICLE
 Worse   Better 
Comment:*
First Name:*
Last Name:*
Company:
City:*
E-mail:*
Verification Code:*

Type the characters you see in the picture above.
 
  Reset

Comments >>
1
No Comments to display

Disclaimer >>
Messages posted on this Web site under the `Comments' area are solely the opinions of those who have posted them and do not necessarily reflect the opinions of UBM India Pvt. Ltd.(CMP) or its site www.networkcomputing.in . Gossip, mud slinging and malicious attacks on individuals and organizations are strictly prohibited. UBM India Pvt.Ltd .(CMP) and www.networkcomputing.in can not be held responsible for errors or omissions in content, nor for the authenticity of the user/company name or email addresses associated with posted messages. UBM India Pvt.Ltd. (CMP) reserves the right to edit or remove messages containing inappropriate language or any other material that could be construed as libelous, potentially libelous, or otherwise offensive or inappropriate. UBM India Pvt.Ltd.(CMP) and www.networkcomputing.in do not endorse the products and services or any other offerings mentioned in these messages.
 
 CIO Perspectives >>

“User is the King. Ultimately it is the user who will come back and inform whether a technology is benefiting the company or not.”

Shirish Gariba, CIO, Elbee Express

 

More: CIO Perspectives >>


 FEATURED STORIES >>

Largest Core Banking Rollout in Indian Co-operative Banking Sector

Punjab State Co-op Bank has selected Flexcube, Oracle Database and Oracle Financial Services OnDemand to replace manual processes and enhance efficiency by maintaining customer intimacy  created over the years

 

What Linux Will Look Like In 2012

Our open source expert foresees the future of Linux: By 2012 the OS will have matured into three basic usage models. Web-based apps rule, virtualization is a breeze, and command-line hacking for basic system configuration is a thing of the past

 

Icahn Would Sell Yahoo's Search Business to Microsoft for $1 Billion

Under Icahn's plan, Microsoft also would pay billions of dollars to become the exclusive search provider on all Yahoo sites for a term of 5 years

CAST YOUR VOTE>>
Has the security risk to your organization increased in the past one year?



View Polls Archive
ADVERTISEMENTS >>
 
News | Server & Storage | Network Infrastructure | Information Security | Enterprise Applications | Connectivity & Convergence | Whitepaper | Management
International Partners: Germany
Media Kits | Reprints | Privacy Statement | California Privacy Rights | Copyright © 2007 CMP Media LLC | Terms of Service
Content Management System By AdwebTech | Search Engine Optimization By AdwebTech & eBrandz | Web Hosting By AdwebTech & Hostway
Powered By: ssCMS 2.2.0.0