DNS servers -- an Internet Achilles' heel
(Endurer Note: an/one's Achilles' heel: a fatal injury.
Achilles is one of the Greek gods. It is said that Achilles's ankle seems very small, but it is a fatal weakness. See: http://vweb.cycnet.com/cms/2004/englishcorner/practical/t20050623_23574.htm)
By Joris Evers
Translation: endurer
Keywords: Servers | Security | Internet
http://techrepublic.com.com/2100-1009_11-5816061.html?tag=nl.e116
Takeaway:
Scan finds that hundreds of thousands of the servers that act as the white pages of the net are vulnerable to attack.
Hundreds of thousands of Internet servers are at risk of an attack that would redirect unknowing Web surfers from legitimate sites to malicious ones.
In a scan of 2.5 million so-called Domain Name System machines, which act as the white pages of the Internet, security researcher Dan Kaminsky found that about 230,000 are potentially vulnerable to a threat known as DNS cache poisoning.
"That is almost 10 percent of the scanned DNS servers," Kaminsky said in a presentation last week at the Black Hat Security Event in Las Vegas. "If you are not auditing your DNS servers, please start," he said.
The motivation for a potential attack is money, according to the SANS Internet Storm Center, which tracks network threats. Attackers typically get paid for each spyware or adware program they manage to get installed on a person's PC.
Information lifted from victims, such as Social Security numbers and credit card data, can also be sold. Additionally, malicious software could be installed on a PC to hijack it and use it to relay spam.
The DNS servers in question are run by companies and Internet service providers to translate text-based Internet addresses into numeric IP addresses. The cache on each machine is used as a local store of data for Web addresses.
In a DNS cache poisoning attack, miscreants replace the numeric addresses of popular Web sites stored on the machine with the addresses of malicious sites. The scheme redirects people to the bogus sites, where they may be asked for sensitive information or have harmful software installed on their PC. The technique can also be used to redirect e-mail, experts said.
As each DNS server can be in use by thousands of different computers looking up Internet addresses, the problem could affect millions of Web users, exposing them to a higher risk of phishing attack, identity theft and other cyberthreats.
The poisoned caches act like "forged street signs that you put up to get people to go in the wrong direction," said DNS inventor Paul Mockapetris, chairman and chief scientist at secure DNS provider Nominum. "There have been other vulnerabilities (in DNS) over the years, but this is the one that is out there now and one for which there is no fix. You should upgrade."
There are about 9 million DNS servers on the Internet, Kaminsky said. Using a high-bandwidth connection provided by Prolexic Technologies, he examined 2.5 million. Of those, 230,000 were identified as potentially vulnerable, 60,000 are very likely to be open to this specific type of attack, and 13,000 have a cache that can definitely be poisoned.
The vulnerable servers run the popular Berkeley Internet Name Domain software in an insecure way and should be upgraded, Kaminsky said. The systems run BIND 4 or BIND 8 and are configured to use forwarders for DNS requests -- something the distributor of the software specifically warns against.
BIND is distributed free by the Internet Software Consortium. In an alert on its Web site, the ISC says that there "is a current, wide-scale... DNS cache corruption attack." All name servers used as forwarders should be upgraded to BIND 9, the group said.
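An added example, not from the original article or from ISC: a local audit that flags the combination described above, BIND 4 or BIND 8 with forwarders configured. It assumes `named.conf` syntax and a version string supplied by the administrator; the function names, sample configs, version strings and addresses are constructed for illustration.

```python
import re

# Constructed sample configs (documentation addresses from 192.0.2.0/24).
CONF_FORWARDING = """
options {
    directory "/var/named";
    forwarders { 192.0.2.53; 192.0.2.54; };  // upstream resolvers
    forward only;
};
"""
CONF_DISABLED = """
options {
    /* forwarders { 192.0.2.53; }; */
    # forwarders { 192.0.2.54; };
    forwarders { };
};
"""

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out directives are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def active_forwarders(conf):
    """Addresses in every non-empty forwarders { ... } list, global or per-zone."""
    addrs = []
    for body in re.findall(r"\bforwarders\s*\{([^}]*)\}", strip_comments(conf)):
        addrs += [a.strip() for a in body.split(";") if a.strip()]
    return addrs

def bind_major(version):
    """Major number from a version string such as '8.4.6' or 'BIND 9.3.1'."""
    m = re.search(r"(\d+)\.\d+", version)
    return int(m.group(1)) if m else None

def audit(version, conf):
    """Return (status, forwarders) for one server's version and config text."""
    major, fwd = bind_major(version), active_forwarders(conf)
    if major is None:
        return ("UNKNOWN", fwd)
    if major in (4, 8) and fwd:
        return ("FLAG", fwd)  # the combination the article says to upgrade
    return ("PASS", fwd)

if __name__ == "__main__":
    for ver, conf in [("8.4.6", CONF_FORWARDING), ("9.3.1", CONF_FORWARDING),
                      ("8.4.6", CONF_DISABLED)]:
        print(ver, *audit(ver, conf))
```

An empty `forwarders { };` list and commented-out directives are treated as forwarding disabled, so only servers that actually forward are flagged.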
DNS cache poisoning is not new. In March, the attack method was used to redirect people who wanted to visit popular Web sites such as CNN.com and MSN.com to malicious sites that installed spyware, according to SANS.
"If my ISP was running BIND 8 in a forwarder configuration, I would claim that they were not protecting me the way they should be," Mockapetris said. "Running that configuration would be Internet malpractice."
The new threat -- pharming
Kaminsky scanned the DNS servers in mid-July and has not yet identified which particular organizations have the potentially vulnerable DNS installations. However, he plans to start sending e-mails to the administrators of those systems, he said in an interview.
"I have a couple hundred thousand e-mails to send," he said. "This is the not-fun part of security. But we can't limit ourselves to the fun stuff. We have to protect our infrastructure."
The use of DNS cache poisoning to steal personal information from people by sending them to spoofed sites is a relatively new threat. Some security companies have called this technique pharming.
Poisoning DNS caches isn't hard, said Petur Petursson, CEO of Icelandic DNS consultancy and software company Men & Mice. "It is very well doable, and it has been done recently," he said.
Awareness around DNS issues in general has grown in the past couple of years, Petursson said. Four years ago, Microsoft suffered a large Web site outage as a result of poor DNS configuration. The incident cast a spotlight on the Domain Name System as a potential problem.
"It is surprising that you still find tens of thousands or hundreds of thousands vulnerable servers out there," Petursson said.
Kaminsky's research should be a wake-up call for anyone managing a DNS server, particularly broadband Internet providers, Mockapetris said. Kaminsky said he doesn't intend to use his research to target vulnerable organizations. However, other, less well-intentioned people could run scans of their own and find attack targets, he cautioned.
"This technology is known to a certain set of the hacker community, and I suspect that knowledge will only get more widespread," Mockapetris said.