DNS servers 'vulnerable to attack'

wacky_lokpo

Many DNS servers are wrongly configured or running out-of-date software, leaving them vulnerable to malicious attacks, according to a survey published on Monday.

The Measurement Factory, an Internet performance firm, warned that Internet Systems Consortium's BIND software, which performs the domain name resolution function, is out-of-date on a fifth of DNS servers — which underpin the Internet by translating domain names into IP addresses.

DNS servers which run BIND versions lower than 9 are 'opening the door' to pharming attacks through DNS cache poisoning, The Measurement Factory claimed.

DNS cache poisoning involves hacking into DNS servers and replacing the numeric addresses of legitimate Web sites with the addresses of malicious sites. Internet users are then redirected to fake Web pages where they may be asked for information such as bank account details or unwittingly have spyware installed on their PCs.

Thomas Kristensen, chief technical officer of security company Secunia, told ZDNet UK it was likely that 20 percent of DNS servers were running out-of-date software, as the survey claimed, but he downplayed the risk of vulnerabilities being exploited.

"It should be noted that the 8.x and 4.x versions [of BIND] aren't vulnerable as such, but they were designed in a manner which makes them unsuitable for use as forwarders in specific DNS server setups. If these servers are used in a setup where they are used as forwarders then it is possible to conduct cache poisoning attacks against them," said Kristensen.

Kristensen added that Internet Systems Consortium strongly recommends against using 4.X and 8.X versions of BIND as forwarders.

A DNS server stores the numerical addresses of legitimate Web sites in a cache. A DNS forwarder will forward queries on to other name servers if it does not have the information needed to resolve those requests itself.

This process is known as "recursive name service", as the DNS server will push its request up the hierarchy of DNS servers until it reaches one that can resolve it.

The Measurement Factory surveyed 1.3 million DNS servers, and found that more than three quarters of them allow recursive name service for "arbitrary queriers", rather than only for trusted users. This opens a name server up to malicious attacks, according to the report.
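As an added example (not part of the original post or the ZDNet article), here is a small Python check of the header flags the survey relies on: a server that answers a recursion-desired (RD) query for a name it is not authoritative for, with recursion-available (RA) set and an answer, is offering recursion to whoever asks. The sample responses are constructed, and `probe()` is meant for a server you administer.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A/IN query with the RD (recursion desired) flag set."""
    flags = 0x0100  # RD=1, everything else clear
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode() for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_flags(response):
    """Return the header fields a recursion audit cares about."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # response bit
        "rd": bool(flags & 0x0100),   # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,      # 0 = NOERROR, 5 = REFUSED
        "answers": an,
    }

def offers_open_recursion(response):
    """True when the server recursed for us: RA set, NOERROR, and at least
    one answer record for a name it does not serve authoritatively."""
    f = parse_flags(response)
    return f["qr"] and f["ra"] and f["rcode"] == 0 and f["answers"] > 0

# Constructed sample responses (header only; not captured from a real server).
OPEN_RESOLVER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR RD RA, NOERROR, 1 answer
REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)        # QR RD, RCODE 5, no RA

def probe(server, name="example.com", timeout=2.0):
    """Send the query over UDP to a resolver you administer and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return offers_open_recursion(data), parse_flags(data)

if __name__ == "__main__":
    print("constructed open resolver:", offers_open_recursion(OPEN_RESOLVER))
    print("constructed refusing server:", offers_open_recursion(REFUSED))
```

A server that restricts recursion to its own clients should answer an outside query with RCODE 5 (REFUSED) or a referral with RA clear, which this check reports as not open.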

For the full article, please go to:
http://news.zdnet.co.uk/internet/security/0,39020375,39233366,00.htm