TechNewsWorld.com

Where Are All the Dangerous DNS Exploits? Nowhere and Everywhere


If security researcher Dan Kaminsky is right about the dangers threatening DNS security, how come nobody's drawn attention to any specific, massively mobilized exploits of the vulnerability? It's because of the nature of DNS -- servers are indeed being continuously poisoned, according to admins, but it's hard to tell exactly who's being exploited and how.



Dan Kaminsky, the security researcher who first sounded the alarm that the entire Internet was in grave danger due to a widespread vulnerability, has revealed in front of a packed audience at the Black Hat security conference the details behind the initial subterfuge -- and potential problems that could still pick apart the Web world as we know it.

At the heart of the matter is the Domain Name System (DNS), which translates domain names into Internet addresses so that traffic reaches the right destination. If a DNS server gets compromised, the addresses running through it can be spoofed without an end user even being aware of the problem. It would be like following a car navigation system with turn-by-turn directions to a bank and never realizing that the directions in fact led to a fake building that was only pretending to be a bank.

So yes, Web browsers can get sent to the wrong sites, or e-mail can get routed to the wrong servers. If a hacker with nefarious intent is lying in wait at the destination, what seemed to be a safe and secure communication could be watched, copied and put to use to empty bank accounts, steal identities or jump-start careers in the field of corporate espionage.

The details of the DNS flaw have been out in the wild for weeks; meanwhile, administrators have been working overtime patching servers all around the world. While many servers have been adequately fixed, many have not. If the attacks have been available and lurking in dark alleys and in broad daylight, how come official reports of actual DNS poisoning exploits based on this known vulnerability have been nearly nonexistent?

Dark Answers

"The vulnerability is that your DNS gets poisoned. You can tell if your DNS is poisoned by looking at your cache [in a DNS server], but what you can't tell is if any user queried your data, got back bad data, and then acted on it. DNS doesn't log queries, so you have no record of it," Mel Beckman, a California-based system administrator for multiple name servers, told TechNewsWorld.

Say, for example, that a customer went into a grocery store and used cash to buy tomatoes that had been tainted with salmonella. The grocery store could eventually learn that it had sold some bad veggies, but it couldn't necessarily figure out which customers actually bought them.

"So we may never know if anyone got DNS poisoning for, say, Bank of America (NYSE: BAC) and went to a phony Bank of America and gave up their account information," Beckman added. It's impossible to identify if someone's credit card information, for example, was stolen via DNS spoofing or some other method, he added.

"There's a disconnect between detecting the problem and detecting the people affected by the problem," he said.

Funny Games in China?

Despite the lack of victim-specific evidence, there are exploits working the world's DNS servers over right now, Beckman said.

"There are a lot of Chinese sites that are actively trying to exploit the flaw to the point that some major network operators are blocking all traffic from China," Beckman said. "Some customers are finding this out as they try to get some of their Olympic coverage from China," he added.

It doesn't help that many DNS servers are some of the oldest servers in data centers. Because DNS servers typically have fairly light loads, they don't need to have a lot of processing power and memory. But now, Beckman said, "some DNS servers are falling over just from the attack traffic."

More Than Web Pages and E-Mail

Kaminsky also noted that DNS is woven into the fabric of our electronic lives well beyond the scope of Web sites. The DNS flaw could be used in a variety of ways, including with stalwart protocols such as File Transfer Protocol (FTP) and Secure Sockets Layer (SSL).

"The troubling part is that the fix isn't 'permanent,'" Rich Mogull, an independent security analyst for Securosis.com, told TechNewsWorld.

"The attack still works, it just takes much longer to execute. As a result, it's absolutely critical that organizations monitor DNS and deploy other protective measures to detect and stop the attack," he explained.

"Dan's fix slowed it enough that we can detect and respond to it, but only if we use additional security controls, like IDS/IPS (intrusion detection system/intrusion prevention system) on top of the patch," he noted.

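One way to implement the kind of DNS monitoring Mogull describes, as an added example that is not from the article or from any vendor's product: it assumes a hypothetical resolver-side sensor that records each upstream query and each arriving response, and it flags bursts of responses that match no outstanding query. The record layout, names, ports and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque

def detect_forged_response_bursts(events, window_ms=10_000, threshold=50):
    """Map zone -> time (ms) at which unmatched responses first hit threshold.

    events: iterable of (time_ms, kind, resolver_port, txid, qname), where
    kind "Q" is a query the resolver sent upstream and "R" is a response
    that arrived at the resolver. This record layout is an assumption.
    """
    outstanding = set()             # (port, txid, qname) still awaiting an answer
    unmatched = defaultdict(deque)  # zone -> arrival times of unmatched responses
    alerts = {}
    for t, kind, port, txid, qname in events:
        name = qname.lower().rstrip(".")
        key = (port, txid, name)
        if kind == "Q":
            outstanding.add(key)
        elif key in outstanding:
            outstanding.discard(key)    # legitimate answer: consume the query
        else:
            # Simplification: treat the last two labels as the zone.
            zone = ".".join(name.split(".")[-2:])
            times = unmatched[zone]
            times.append(t)
            while t - times[0] > window_ms:
                times.popleft()         # drop arrivals older than the window
            if len(times) >= threshold:
                alerts.setdefault(zone, t)
    return alerts

def constructed_events():
    """Constructed sample: normal lookups plus one burst of bad responses."""
    ev = [(0, "Q", 40001, 0x1A2B, "www.example.net"),
          (40, "R", 40001, 0x1A2B, "www.example.net"),    # matches the query
          (900, "R", 40001, 0x1A2B, "www.example.net"),   # late duplicate
          (1000, "Q", 40002, 7, "x1.example.com")]
    # 200 responses for the same name with transaction IDs that were never sent
    ev += [(1000 + 10 * i, "R", 40002, 1000 + i, "x1.example.com")
           for i in range(200)]
    ev.append((3100, "R", 40002, 7, "x1.example.com"))    # the real answer
    return ev

if __name__ == "__main__":
    for zone, t in detect_forged_response_bursts(constructed_events()).items():
        print(f"ALERT {zone}: unmatched-response burst at t={t} ms")
```

A single late or duplicate response stays below the threshold, so only the sustained burst raises an alert; the window and threshold would need tuning against a resolver's normal traffic.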

More by Chris Maxcer