dns

You are currently browsing articles tagged dns.

DNS exploit comes back to bite HD Moore

July 31, 2008 in dns, exploit, networking, security by Daniel Nyström | No comments

Fromakeg on Flickr - http://flickr.com/photos/akeg/
From akeg on Flickr.

From VNUNET via Packetstorm:

H D Moore, who crafted the original DNS exploit module, said in a blog posting that an attacker managed to run the cache-poisoning attack on a server belonging to AT&T’s internet service in Austin, Texas.

As a result of the attack, servers at BreakingPoint Systems, the network security firm which employs Moore as director of security research, redirected employee machines from Google.com to a third-party site loaded with advertisements.

Apparently no real damage caused by it for them, but there must be loads of other users on AT&T’s DNS-servers.

I’m all for full disclosure but this is really affecting a lot of people. We are seeing a big increase in infected computers and the DNS flaw might be what’s behind this (but I have no concrete proof of it).

Anyhow, admins at larger ISP’s better get patching now if they haven’t started already.

Cheers,

Tags: , , ,

Serious design flaw in DNS (BIND)

July 24, 2008 in dns, exploit by Daniel Nyström | No comments

Interwebz/tubes/etc.. ;)
From CNET:

On July 8, IOActive researcher Dan Kaminsky disclosed a flaw in the DNS but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured that it would take about 30 days for that to happen.

The 30-day mark just happened to coincide with his speaking engagement at Black Hat in Las Vegas on August 6.

But on Monday, fellow Black Hat presenter Halvar Flake attacked Kaminsky’s plea that a security flaw such as this be kept a secret. Flake then proceeded to lay out what he thought the flaw was. Turns out, he was right and laid the foundation for others to create and publicize an exploit.

Other than what was linked in that article another exploit has also been added to the Packet storm exploit archive. Both of these are Metasploit modules and HD Moore (founder of the Metasploit project) is listed as one of the exploits authors.

Cheers and happy patching!

Tags: , ,