Thursday, August 04, 2005

DNS servers, an internet problem?

Neowin.net notes In a scan of 2.5 million DNS (Domain Name System) servers, which act as the White Pages of the Internet, security researcher Dan Kaminsky found that approximately 230,000 DNS servers could be vulnerable to a threat known as DNS cache poisoning.

During a DNS cache poisoning attack, hackers replace the IP addresses of legitimate Web sites stored on the DNS machine with the address of a malicious site. The address then proceeds to redirect people to the bogus site, where they may be required to input personal information, or have harmful software installed on their computer. The technique can even be used to redirect e-mail, experts said.

"The reason behind a potential attack is money" states the SANS Internet Storm Center, which tracks network threats. Attackers usually get paid for every spyware or adware program that they install on a person's computer.

Out of the 2.5 million DNS servers scanned in the test, 230,000 servers were identified as potentially vulnerable, 60,000 are very likely to be open to this specific type of attack, and 13,000 have a cache that can definitely be poisoned.


Hat tip to Tech Smores

Every ISP has at least two DNS servers, and many webservers have their own DNS server, which acts a primary for their ISP to access to get the proper settings for the domain names on those webservers. All WebServers and DNS servers need to check to see if there are security patches that need to be applied

No comments: