Serious DNS Vulnerability

Older versions of almost every popular implementation of DNS (eg. BIND, Windows, Cisco, Solaris, Juniper) have a vulnerability which would allow an attacker to “cache-poison” the server. This means that a compromised server, possibly your ISP’s, could direct you to fraudulent websites.

For example, this sort of attack could mean that if you typed http://www.paypal.com into your browser, a cache-poisoned DNS could direct you to an IP address that is not operated by PayPal, but the address bar would still say http://www.paypal.com. This attack can not spoof the PayPal SSL certificates, but could list one with a similar name, making this an extremely dangerous phishing technique.

One would hope all the major ISPs and public name servers would have patched this vulnerability, but it’s likely that smaller servers, such as at businesses, universities or individuals, may not have.

Test your DNS server here, many large ISPs have been very slow to patch:

http://www.doxpara.com/

If this test shows your DNS to be vulnarable, change your DNS settings to the ones specified at OpenDNS.

Vulnerability specifications:
http://www.auscert.org.au/render.html?it=9546

Advertisements

Tags: , , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: