Paul Mockapetris, inventor of the Internet's Domain Name System architecture, has some advice for those in any doubt about the seriousness of a weakness in the DNS protocol that was disclosed yesterday: Patch your DNS servers right now.
The vulnerability and the attack it enables are among the most dangerous to have been discovered in the DNS protocol so far, Mockapetris said in an interview with Computerworld Wednesday morning.
"It's absolutely critical for IT managers to upgrade their software. They want to make very sure that the caching servers on their perimeters are up to snuff," Mockapetris said. In addition, they also need to ensure that client devices such as DSL modems that might have DNS software embedded in them are properly patched. "The time to fix is now. The clock is ticking," before exploits against the flaw become widely available, he said.
The so-called DNS cache-poisoning flaw was discovered by Dan Kaminsky, a researcher at security firm IOActive Inc. earlier this year. The vulnerability gives malicious attackers a way to very quickly redirect Web traffic and e-mails to systems under their control. Virtually every domain name server that resolves IP addresses on the Internet is vulnerable to the flaw, as are client devices with embedded DNS software.
According to Kaminsky's description of the problem, the weakness exists in a transaction identification process that the DNS protocol uses to determine whether responses to DNS queries are legitimate or not. The vulnerability essentially allows an attacker to poison a DNS server cache by injecting forged data into it.
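The transaction-ID check described above, sketched as an added example (not code from the article or from any DNS vendor): a resolver accepts a response only if its ID, source server and question match a query it actually sent. The function names, addresses and packets are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a host name as uncompressed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_message(txid, name, qtype=1, response=False):
    """Build a minimal one-question DNS message (constructed sample data)."""
    flags = 0x8180 if response else 0x0100  # QR bit (0x8000) marks a response
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype) from a DNS message."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12  # the question starts after the 12-byte header
    while True:
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def check_response(pending, src, msg):
    """pending maps txid -> (server, qname, qtype); returns 'accept' or a drop reason."""
    try:
        txid, is_resp, qname, qtype = parse_question(msg)
    except (ValueError, IndexError, struct.error):
        return "drop: malformed"
    if not is_resp:
        return "drop: not a response"
    want = pending.get(txid)
    if want is None:
        return "drop: unknown transaction ID"
    if want != (src, qname, qtype):
        return "drop: ID matches but server or question differs"
    del pending[txid]  # one answer per outstanding query
    return "accept"
```

Counting the "drop" results per upstream server gives a simple signal that forged responses are arriving at a caching server.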
The flaw exists at the DNS protocol level and affects numerous products from multiple vendors. The U.S. Computer Emergency Readiness Team (US-CERT), which was among the first to be informed about the problem when Kaminsky discovered it, yesterday issued an advisory describing the issue and listing over 80 vendors whose products are affected by the vulnerability. Several of those firms, including Microsoft Corp., Cisco Systems Inc., Sun Microsystems Inc., Red Hat Inc. and Nominum Inc., simultaneously released patches Wednesday.
RE: Patch domain name servers now, says DNS inventor
By badiane on July 16, 2008, 11:18 am
Not all DNS servers are affected. DJBDNS isn't and its creator has many times in the past argued the point with the ISC people. Let's be honest here. It may also...