DNS servers open to attack

A large number of Domain Name System servers, a critical part of the Internet’s infrastructure, are vulnerable to attacks that could lead to widespread fraud, according to networking security expert Dan Kaminsky.

A scan conducted by Kaminsky has found that hundreds of thousands of DNS servers could be vulnerable to a type of attack that routes Internet traffic to malicious Web sites. The attack technique, known as DNS cache poisoning, came to public attention in April when attackers used it to redirect traffic from a large number of financial, entertainment, travel, health and software sites to attackers’ servers in order to install malicious code.

Despite the danger, large numbers of servers are still configured in a way that allows the attack to take place, according to Kaminsky. In a scan of about 2.5 million DNS servers, he found that about a tenth could be vulnerable.

DNS servers host a distributed database that allows the translation of domain names (e.g. name.com) to IP addresses. They also route e-mail by listing each domain’s mail exchange server. In a cache poisoning attack, a DNS server is compromised so that a legitimate domain name resolves to the attacker’s IP address, which can present the user with anything the attacker chooses.

Such techniques have been around for years, but the April incident demonstrated that they are not just theoretical. Nevertheless, many DNS servers have been left in the same vulnerable configurations that were exploited. DNS servers are run by all manner of organizations, including corporations and Internet service providers.

At least 230,000 of the servers scanned are configured to forward DNS requests to BIND8 DNS servers, according to Kaminsky. This was one of the vulnerabilities exploited in April, according to security organization the SANS Institute. Of those, 13,000 are Windows name servers forwarding to BIND8, making them exceptionally high-risk, Kaminsky said. Another 53,000 at least are very likely to be vulnerable, he added.

Kaminsky said he has only been able to scan a fraction of the existing name servers so far, which he estimated at nine million.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now