
08.25.08

Update Your System To Prevent DNS Exploits

By Dan Morrill

HD Moore has released an exploit module for the Metasploit framework, which means script kiddies, security people and wannabes alike are going to be downloading it, if they have not already, and playing around with DNS on the internet today.

While meltdowns are probably not going to happen, the chances of individual users having the DNS server they use compromised are probably pretty good, and that explains why the internet seems to be slow today here on the network that I am using. Bringing up Snort, there seem to be many DNS packets just floating around the network, with many non-authoritative responses to go with them.

This exploit targets a fairly ubiquitous flaw in DNS implementations which allows the insertion of malicious DNS records into the cache of the target name server. This exploit caches a single malicious host entry into the target name server. By causing the target name server to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target name server to insert the additional record into the cache. Source: Caughq.org

What is also amusing is the number of reactions saying that this should not have been released at all, but as with all exploits, there has been time to patch systems, and patches have been released for just about everything that is still in use. Major exploits of this kind, while getting rarer, are always a good reason to do a little patch management and fill in the gaps, given how much damage a hack this big can do.


If you think that your DNS server is vulnerable, you can test your server here; it will show whether your server is vulnerable and whether there is something weird going on. When I checked my DNS server, the reported unusual behavior list was cool to see.

82641ff36f57.toorrr.com:
206.81.192.2:63118 TXID=61158
206.81.192.2:54050 TXID=34815
206.81.192.2:63453 TXID=17062
206.81.192.2:63037 TXID=17547
206.81.192.2:50693 TXID=16754

toorrr.com is a private system from Dan Kaminsky; I am not sure if he meant to leave this page open so that people could swing by and take a look. There is some amusement here if the toorrr.com page was meant to be a private space. Worth checking out though, and make sure you are patched today.
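As an added example (not part of the original article or the test site's code), the sketch below parses test output in the format shown above and scores how much the resolver's source port and transaction ID vary between queries. The standard-deviation threshold and the fixed-port sample are assumptions made for illustration.

```python
import re
import statistics

# Output copied from the article's own test run (header line included).
ARTICLE_SAMPLE = """\
82641ff36f57.toorrr.com:
206.81.192.2:63118 TXID=61158
206.81.192.2:54050 TXID=34815
206.81.192.2:63453 TXID=17062
206.81.192.2:63037 TXID=17547
206.81.192.2:50693 TXID=16754
"""

# Constructed sample (not from the article): a resolver that reuses one source port.
FIXED_PORT_SAMPLE = """\
192.0.2.53:32768 TXID=1201
192.0.2.53:32768 TXID=48211
192.0.2.53:32768 TXID=977
192.0.2.53:32768 TXID=30555
192.0.2.53:32768 TXID=61002
"""

LINE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+TXID=(\d{1,5})$")
MIN_STDEV = 300  # assumed heuristic threshold, not a value from the article

def parse_queries(text):
    """Return (ip, port, txid) for each well-formed line; skip headers and junk."""
    queries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m.group(2)) <= 65535 and int(m.group(3)) <= 65535:
            queries.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return queries

def assess(queries):
    """Summarise how much the source port and TXID vary across the observed queries."""
    if len(queries) < 2:
        raise ValueError("need at least two queries to measure spread")
    ports = [port for _, port, _ in queries]
    txids = [txid for _, _, txid in queries]
    port_sd = statistics.pstdev(ports)
    txid_sd = statistics.pstdev(txids)
    # A forged reply must match both values, so either one staying fixed or
    # moving in a narrow window makes the resolver's queries guessable.
    verdict = "GOOD" if min(port_sd, txid_sd) >= MIN_STDEV else "POOR"
    return {"distinct_ports": len(set(ports)), "port_stdev": round(port_sd),
            "txid_stdev": round(txid_sd), "verdict": verdict}

if __name__ == "__main__":
    for name, sample in (("article", ARTICLE_SAMPLE), ("fixed port", FIXED_PORT_SAMPLE)):
        print(name, assess(parse_queries(sample)))
```

Five queries is a small sample, so treat the verdict as a quick sanity check and collect more queries before drawing conclusions about a production resolver.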

About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
About NetworkNewz
NetworkNewz editors, writers and contributors focus on both the big picture and the details of networking. At NetworkNewz our goal is to deliver to you The Key To Network Management.





-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2008 iEntry, Inc. All Rights Reserved
