[ISN] Many DNS Servers Still Vulnerable To Attack

From: InfoSec News <alerts_at_private>
Date: Tue, 11 Nov 2008 04:01:29 -0600 (CST)

By Tim Wilson
Nov 10, 2008

More than six months after the discovery of security flaws in the 
Internet's core addressing system, many Domain Name System (DNS) servers 
are still open to attack, according to a study published today.

According to a report on DNS trends published by Infoblox and the 
Measurement Factory, approximately one in four DNS servers still does 
not perform source port randomization, the chief patch for the so-called 
"Kaminsky vulnerability" that was discovered by researcher Dan Kaminsky 
in the first half of last year and fully disclosed at the Black Hat 
conference in August.

"A surprising number have not been upgraded and are very vulnerable to 
cache poisoning," the report states.

The study, which took a sample of 5 percent of the Internet's IPv4 
address space -- about 80 million addresses -- also showed that more 
than 40 percent of Internet name servers allow recursive queries, which 
is one of the design flaws that might enable attackers to abuse Internet 
address spaces for their own purposes. About 30 percent allow zone 
transfers to arbitrary requestors, another flaw that could lead to 
vulnerabilities such as those discovered by Kaminsky.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Tue Nov 11 2008 - 02:01:29 PST

This archive was generated by hypermail 2.2.0 : Tue Nov 11 2008 - 02:03:33 PST