National Computer Network Emergency Technology Processing Coordination Center emergency bulletin on the risk of serious security vulnerabilities in DNS systems:
Security Bulletin: cn-va08-05
Release date: July 24, 2008
Vulnerability Type: Spoofing
Vulnerability Assessment: Important
Security level: Level Three
Exposure: Public
Vulnerability Description:
Since July 9, 2008, Cisco, Microsoft, ISC and other vendors of Internet domain name resolution software have issued security bulletins stating that their DNS software contains a high-risk vulnerability: by guessing the message sequence number used in DNS resolution, an attacker can forge a response from an authoritative DNS server and so "pollute" the cache, injecting incorrect domain name information into the DNS server. The polluted DNS server then returns incorrect resolution results to the outside. This kind of attack enables domain name hijacking: members of the public, without knowing it, are sent to a website designated by the attacker when they visit a domain name, and face phishing, web page Trojans and a series of other serious security threats.
On July 22 a detection program for the vulnerability was released; on July 23 a complete attack program for the vulnerability was released and subsequently circulated widely. In preliminary testing, our center found that with good bandwidth the attack program completes an attack on a vulnerable DNS server in just a few minutes. The target receives a large number of attack messages almost instantaneously, which is easily mistaken for a "query flood" denial-of-service attack.
In view of the seriousness and rapid development of this security incident, and in order to ensure the safe operation of the Internet in China, the relevant units should promptly take appropriate measures to carry out the necessary security hardening of their DNS servers and to strengthen monitoring for and handling of anomalies.
Recommended measures:
1. Upgrade the DNS server system as directed by the corresponding vendor;
2. During the attack a large number of forged domain name resolution response packets arrive in a short time, which gives the traffic the characteristics of a denial-of-service attack. These packets have the same source IP, destination IP and resolved IP address but different sequence numbers, so where conditions permit, corresponding rules can be configured on protection equipment (such as intelligent firewalls, traffic-cleaning equipment, etc.) to screen or filter them;
3. Periodically clean up the DNS cache, or clean up the cache after discovering unusual access.
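The pattern described in measure 2 can also be checked for in records of the responses arriving at a resolver. The Python below is an added example, not part of the CNCERT/CC bulletin: it flags any (source IP, destination IP, resolved IP) triple that delivers many distinct sequence numbers within a short window. The record tuple layout, the one-second window and the threshold of 50 are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict

WINDOW_SECONDS = 1.0      # assumed sliding-window length
MIN_DISTINCT_IDS = 50     # assumed alert threshold; tune to local traffic


def find_spoof_bursts(responses, window=WINDOW_SECONDS, min_ids=MIN_DISTINCT_IDS):
    """Return alerts for response bursts that match the bulletin's pattern.

    responses: iterable of (timestamp, src_ip, dst_ip, txid, answer_ip) tuples,
    one per DNS response seen arriving at the resolver, sorted by timestamp.
    """
    recent = defaultdict(list)   # (src, dst, answer) -> [(ts, txid), ...] in window
    alerted = set()              # triples already reported, to avoid repeat alerts
    alerts = []
    for ts, src, dst, txid, answer in responses:
        key = (src, dst, answer)
        # Drop entries that have aged out of the window, then add this one.
        bucket = [(t, i) for t, i in recent[key] if ts - t <= window]
        bucket.append((ts, txid))
        recent[key] = bucket
        # Retransmissions reuse a sequence number, so count distinct values only.
        distinct = len({i for _, i in bucket})
        if distinct >= min_ids and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "answer": answer,
                           "distinct_ids": distinct, "first_seen": bucket[0][0]})
    return alerts


def constructed_sample():
    """Constructed traffic (documentation address ranges), not a real capture."""
    rows = []
    # Normal: one authoritative server answering five queries over 20 seconds.
    for n in range(5):
        rows.append((n * 4.0, "198.51.100.53", "192.0.2.10", 4000 + n, "203.0.113.80"))
    # Burst: 200 responses in 0.2 s, same src/dst/answer, every sequence number different.
    for n in range(200):
        rows.append((10.0 + n * 0.001, "198.51.100.7", "192.0.2.10", n * 300, "203.0.113.66"))
    return sorted(rows)


if __name__ == "__main__":
    for alert in find_spoof_bursts(constructed_sample()):
        print(alert)
```

An alert from this check is a reason to inspect and clean the cache as in measure 3, not proof that the cache was polluted.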
Reference information:
http://www.cert.org.cn/servlet/S ... =bulletin&sub=1
http://www.kb.cert.org/vuls/id/800113
http://www.isc.org/sw/bind/bind-security.php
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
Additional Information:
CVE Number:
First release date: 2008-7-24
Number of revisions: 0
Security Bulletin Documentation:
CNCERT/CC
CNCERT/CC strives to ensure the accuracy and reliability of each announcement before releasing security bulletin information. However, whether to adopt and implement the recommendations in a bulletin is entirely at the user's own discretion, and any problems and results that follow are borne entirely by the user. Whether or not to adopt our recommendations is a decision for you or your organization, and you should consider whether their content meets your own or your organization's security policies and processes.
In any case, if you are certain that your computer system has been compromised or attacked, we encourage you to inform the National Computer Network Emergency Technology Processing Coordination Center in time: http://www.cert.org.cn/servlet/Incident
At the same time, we also encourage all computer and network security research institutes, including manufacturers and research institutes, to report to us the vulnerability information found by your organization. We will verify all vulnerabilities and disclose the vulnerability information on the CNCERT/CC website and instruct the affected users to take action to avoid loss.
If you find any problems with this bulletin, please contact CNCERT/CC: cncert@cert.org.cn