DNS Cache Poisoning

A google search for poison still returns a top result for one of the tackiest 80s pouty lipped glam bands around. They are still on tour, and they probably haven’t even heard of Dns.

Dns cache poisoning (there is a fine wiki for it) vulnerabilities have been all the rage on various security research mail lists for the past couple weeks and should be at the top of any search result list now. New working exploits targeting those vulnerabilities have been created and distributed. Coincidentally, Blackhat is being held next week, where Dan Kaminsky will present his original findings on it. Dan Kaminsky reportedly grouped together a huge number of dns providers and got a patch properly worked out and distributed for this thing.
What does “DNS Insufficient Socket Entropy Vulnerability” really mean to the average end user? Before you ask, there is a hitch. What was supposed to remain mysterious and closeted within the shadowy network security and dns administrator community has been released full force via full disclosure and Metasploit, the open source pen testing tool project run by HD Moore and friends. This addition means that this potentially dangerous information is public and potentially freely usable.
So now go ahead and ask. What does “DNS Insufficient Socket Entropy” really mean to me? If you are a standard user, you’re probably not administering a Dns server, but you (possibly unknowingly) are using Dns. Your ISP maintains these DNS servers, or the routes to them, for you. It is these systems that tell your browser what server to connect with when you are visiting “www.google.com”. They need to send your browser’s requests to your bank’s authentic web site when you attempt to browse it, instead of some creaky old mock up hosted in the furthest reaches of the planet. While you are dependent on Dns servers working properly and supporting “sufficient entropy”, there most likely is nothing you directly can do to administer and patch them.

In the meantime, visit the Microsoft Update site to check for new updates and ensure that third party software on your system is patched. Dns admins need to get their servers patched.
You can check Dan Kaminsky’s own site here or another tool here for information to present to your ISP, if they haven’t yet patched.

Update: Dan Kaminsky posted additional information that “DNS clients are at risk, in certain circumstances”, and that microsoft is patching multiple other dns client-side vuln (“has received two MSRC fixes in the past six months”). So, while the major focus is on the Dns servers, be sure to visit the windowsupdate site and patch away!

This entry was posted in Online Fraud. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>