By Smitch - CTO | July 19, 2008
Recently a new DNS vulnerability has been discovered (Read the story here) which allows a malicious hacker to poison a DNS cache. The ability to poison a cache allows someone to redirect traffic (web, ftp, email, etc) away from intended sites to a hacker’s own site(s), which may host viruses, trojans, bot-inserters, etc, so it is important to protect yourself against this type of exploit.
Without going into huge detail here, we all need to take a look at our own ISP’s DNS setup, and also the DNS most of us run on our VPSs and servers. The vulnerability is, as yet, undisclosed, but will be announced at the Black Hat Conference on August 7th. (Read this article). After that, the vulnerability will be out in the wild and we all know that hackers will be looking to exploit it as much as possible before everyone has an opportunity to secure their set-ups.
DNS-OARC have provided a web-based tool which you can use to check your home or office ISP’s DNS resolvers for vulnerability. If either of the test results report “POOR” you need to get onto your ISP’s case, right now, and ask them what they’re doing to fix things before the 7th August deadline. Click here to run the test.
You should also check your own VPSs and servers to see if they allow recursive look-ups and, if they do and you have no need for this, turn off recursion. Our Support Team will be happy to test and advise on all customer set-ups. If you are unsure what to do simply open a support ticket. Our own DNS clusters are already secure, and our recursive name-servers are currently being modified to prevent any intrusions.
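To check one of your own servers the way the post recommends, here is an added example (not from the original post): it sends a single recursive query and reports whether the server advertises recursion in its reply. The target address and the query name example.com are assumptions; the header parser is separate so it can be exercised on constructed replies.

```python
import random
import socket
import struct

# Added example, not code from the original post. Sends an A query with the
# RD (Recursion Desired) bit set and checks the RA (Recursion Available) bit in
# the reply: a server that has recursion turned off, or restricted to other
# clients, will not set RA for us (and may answer REFUSED).

def build_query(qname, qid, want_recursion=True):
    """Build a minimal DNS A/IN query for qname with the given 16-bit id."""
    flags = 0x0100 if want_recursion else 0x0000          # RD bit
    header = struct.pack(">HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question

def parse_header(response):
    """Return the header bits relevant to a recursion check from a raw reply."""
    if len(response) < 12:
        raise ValueError("response shorter than a DNS header")
    qid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", response[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),   # reply, not a query
        "ra": bool(flags & 0x0080),   # Recursion Available
        "rcode": flags & 0x000F,      # 5 = REFUSED
        "ancount": ancount,
    }

def offers_recursion(response, expected_id):
    """True when the reply to our id advertises recursion and was not refused."""
    h = parse_header(response)
    if h["id"] != expected_id or not h["qr"]:
        raise ValueError("not a reply to our query")
    return h["ra"] and h["rcode"] != 5

def check_server(server_ip, qname="example.com", timeout=3.0):
    """Query server_ip over UDP/53 and report whether it offers recursion to us."""
    qid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, qid), (server_ip, 53))
        data, _ = s.recvfrom(512)
    return offers_recursion(data, qid)

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed: your own server
    print("recursion offered" if check_server(target) else "recursion not offered")
```

Run it from a host outside your own network against each authoritative server you operate; a server that should only serve its own zones ought to report "recursion not offered".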
Any customers who suspect that their own ISP’s DNS is exploitable and that this will not be fixed promptly are welcome to open a ticket to support asking for details of our recursive name-servers which they may then use. Public services like OpenDNS are also available.