JP Vossen on 9 Jul 2008 12:02:57 -0700

This is a big deal announced yesterday.

http://www.kb.cert.org/vuls/id/800113

Vulnerability Note VU#800113
Multiple DNS implementations vulnerable to cache poisoning

Overview
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. [...]

--- cut ---

Basically, a well-known security researcher named Dan Kaminsky has solved some challenges with regard to exploiting previously acknowledged issues with the DNS protocol (not implementations, protocol), with the result that large-scale "poisoning" DNS caches is now feasible. That's a big deal. Among other things, it allows for virtually undetectable phishing, spear phishing, and malware distribution.

We all know that some funky URL that claims to be Paypal isn't. But if your DNS lies to you and sends you someplace else when you manually type in the correct Paypal URL, that's something else again. And that's what this vulnerability allows.

From what I'm reading, this was handled really well by Kaminsky. Rather than irresponsible disclosure, he has worked with CERT and many others in "the largest synchronized security update in the history of the Internet, and [which] is the result of hard work and dedication across dozens of organizations." [1] He will release the details along with a tool to help determine upstream vulnerability at a security conference on August 6th.

"The good news is that due to the nature of this problem, it is extremely difficult to determine the vulnerability merely by analyzing the patches; a common technique malicious individuals use to figure out security weaknesses." [1]

If you or your company run your own DNS servers, you need to jump on this. If you don't, you'll want to check upstream, especially after the testing tool is released.

Windows: http://www.kb.cert.org/vuls/id/484649 > http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx

ISC2 BIND http://www.kb.cert.org/vuls/id/252735 > http://www.isc.org/sw/bind/bind-security.php

Later,
JP

[1] http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/
    http://securosis.com/publications/DNS-Executive-Overview.pdf

----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug