DNS servers 'vulnerable to attack'

wacky_lokpo · 10-26-2005, 09:35 AM

Many DNS servers are wrongly configured or running out-of-date software, leaving them vulnerable to malicious attacks, according to a survey published on Monday.

The Measurement Factory, an Internet performance firm, warned that Internet Systems Consortium's BIND software, which performs the domain name resolution function, is out-of-date on a fifth of DNS servers — which underpin the Internet by translating domain names into IP addresses.

DNS servers which run BIND versions lower than 9 are 'opening the door' to pharming attacks through DNS cache poisoning, The Measurement Factory claimed.

DNS cache poisoning involves hacking into DNS servers and replacing the numeric addresses of legitimate Web sites with the addresses of malicious sites. Internet users are then redirected to fake Web pages where they may be asked for information such as bank account details or unwittingly have spyware installed on their PCs.

????: NamePros.com http://www.namepros.com/industry-news/135087-dns-servers-vulnerable-to-attack.html
Thomas Kristensen, chief technical officer of security company Secunia, told ZDNet UK it was likely that 20 percent of DNS servers were running out-of-date software, as the survey claimed, but he downplayed the risk of vulnerabilities being exploited.

"It should be noted that the 8.x and 4.x versions [of BIND] aren't vulnerable as such, but they were designed in a manner which makes them unsuitable for use as forwarders in specific DNS server setups. If these servers are used in a setup where they are used as forwarders then it is possible to conduct cache poisoning attacks against them," said Kristensen.

Kristensen added that Internet Systems Consortium strongly recommends against using 4.X and 8.X versions of BIND as forwarders.

A DNS server stores the numerical addresses of legitimate Web sites in a cache. DNS forwarders will forward queries onto other name servers if it does not have the necessary information to resolve these requests itself.

This process is known as "recursive name service", as the DNS server will push its request up the hierarchy of DNS servers until it reaches one that can resolve it.

The Measurement Factory surveyed 1.3 million DNS servers, and found that more than three quarters of them allow recursive name service to "arbitrary queriers", rather than from trusted users. This will open a name server up to malicious attacks, according to the report.

For the full article, please go to:
http://news.zdnet.co.uk/internet/sec...9233366,00.htm

10-26-2005, 09:35 AM	THREAD STARTER #1 (permalink)
wacky_lokpo NamePros Member Join Date: Sep 2005 Posts: 68	DNS servers 'vulnerable to attack' Many DNS servers are wrongly configured or running out-of-date software, leaving them vulnerable to malicious attacks, according to a survey published on Monday. The Measurement Factory, an Internet performance firm, warned that Internet Systems Consortium's BIND software, which performs the domain name resolution function, is out-of-date on a fifth of DNS servers — which underpin the Internet by translating domain names into IP addresses. DNS servers which run BIND versions lower than 9 are 'opening the door' to pharming attacks through DNS cache poisoning, The Measurement Factory claimed. DNS cache poisoning involves hacking into DNS servers and replacing the numeric addresses of legitimate Web sites with the addresses of malicious sites. Internet users are then redirected to fake Web pages where they may be asked for information such as bank account details or unwittingly have spyware installed on their PCs. ????: NamePros.com http://www.namepros.com/industry-news/135087-dns-servers-vulnerable-to-attack.html Thomas Kristensen, chief technical officer of security company Secunia, told ZDNet UK it was likely that 20 percent of DNS servers were running out-of-date software, as the survey claimed, but he downplayed the risk of vulnerabilities being exploited. "It should be noted that the 8.x and 4.x versions [of BIND] aren't vulnerable as such, but they were designed in a manner which makes them unsuitable for use as forwarders in specific DNS server setups. If these servers are used in a setup where they are used as forwarders then it is possible to conduct cache poisoning attacks against them," said Kristensen. Kristensen added that Internet Systems Consortium strongly recommends against using 4.X and 8.X versions of BIND as forwarders. A DNS server stores the numerical addresses of legitimate Web sites in a cache. DNS forwarders will forward queries onto other name servers if it does not have the necessary information to resolve these requests itself. This process is known as "recursive name service", as the DNS server will push its request up the hierarchy of DNS servers until it reaches one that can resolve it. The Measurement Factory surveyed 1.3 million DNS servers, and found that more than three quarters of them allow recursive name service to "arbitrary queriers", rather than from trusted users. This will open a name server up to malicious attacks, according to the report. For the full article, please go to: http://news.zdnet.co.uk/internet/sec...9233366,00.htm __________________ Flaunt

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Fun with DNS: Three Useful Commands	manatee123	Webmaster Tutorials	16	02-12-2006 01:19 PM
10 Central DNS servers? Where? Is this correct?	mholt	The Break Room	3	10-23-2005 04:13 AM
DNS cache poisoning attack?	Veolus	Web Hosting Discussion	2	08-06-2005 06:07 PM
Specifying the DNS servers for a .ch domain	Castlemelody	Web Hosting Discussion	5	06-26-2005 04:46 PM
ICANN-backed project pushes DNS security	Cheapquality	Industry News	0	04-07-2005 10:19 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)