DNS Cache Polution

DNS Cache Polution

Much news is being made of the DNS flaw identified by Dan Kaminsky. McAfee Avert Labs Blog has the most succinct description of the problem.

The vulnerability essentially comes from DNS servers using UDP and predictable port sequences during recursive queries. An attacker can guess the next port and respond to the query with a false address. The DNS server accepts the forged attack, and www.mybank.com becomes the attacker’s IP address in its cache. It will respond to client requests for www.mybank.com with the forged information.

This can be quite a concern as the website, if properly duplicated, will look exactly the same to the end-user. What happens next is largely up what the attacker intends to do. The most common follow-up would be a phishing attack, wherein the website simply gathers people’s banking credentials. Bruce Schneier wrote a recent Wired article on this flaw. Schneier makes an excellent point. “Stop assuming that systems are secure unless demonstrated insecure; start assuming that systems are insecure unless designed securely.”

 

Related Links:

Dan Kaminsky: DNS Checker
http://www.doxpara.com/?page_id=1159

Lesson From the DNS Bug: Patching Isn’t Enough by Bruce Schneier
http://www.wired.com/politics/security/commentary/securitymatters/2008/07/securitymatters_0723

Posted by