
DNS Problem Linked To DDoS Attacks Gets Worse

itwbennett writes "The percentage of devices on the Internet that are configured to accept DNS queries from anywhere — what networking experts call an 'open recursive' or 'open resolver' system — has jumped from around 50 percent in 2007 to nearly 80 percent this year, according to research sponsored by DNS appliance company Infoblox. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers, said Cricket Liu, vice president of architecture with Infoblox. Georgia Tech researcher David Dagon agreed that open recursive systems are on the rise, in part because of 'the increase in home network appliances that allow multiple computers on the Internet. ... Almost all ISPs distribute a home DSL/cable device. Many of the devices have built-in DNS servers. These can sometimes ship in "open by default" states.' What's worse, says Dagon, is that many of these devices do not include patches for a widely publicized DNS flaw discovered by researcher Dan Kaminsky last year."

  • by danwesnor ( 896499 ) on Sunday November 15, 2009 @12:15PM (#30106120)
    OK, you're right, 1 of 1 is not enough to make an assumption. But of the 5 I've bought over the years from 3 different vendors, all 5 were shipped configured to accept DNS requests from the intranet but block all requests of any type from the internet.
  • by Anonymous Coward on Sunday November 15, 2009 @12:20PM (#30106148)

    Cache poisoning is something you do by returning an answer to a DNS server that's doing a lookup on your behalf. Let's say I was able to sniff your traffic and see that you go to your bank's web site based on the last DNS query your router did on your behalf. What I can then do is bombard your router back with answers for your bank's web site being a different IP address so that when your router finally does the DNS lookup again at some point, the potential is there for it to accept MY answer for their site that will send you elsewhere and you'd never know it.

    This has NOTHING to do with having open ports because the issue is that your router asked another DNS server somewhere on the internet for a lookup - so it's already waiting for a return answer... of which you can now attempt to provide it the wrong one. So if anything you DON'T have to be an open recursive DNS server to be attacked - all you have to be doing is a recursive query, which most if not ALL routers do as they do the lookup for you. Hence therein lies the issue... Oh, and set up your own patched recursive DNS server that you now think makes you "safe"... odds are your router won't randomize the outbound ports DNS uses, so you're back at square one again with this vulnerability
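The two checks the story and the comment above turn on (does a device serve recursion to outsiders, and does it leave the answer to a pending query guessable by not spreading its source ports) can be stated concretely in a few dozen lines of DNS wire handling. The following is an added example, not code from the article, Infoblox or any commenter; it builds a constructed query and constructed replies so it runs offline, and the helper names (`is_open_resolver`, `accept_answer`, `guessable_space_bits`) are this example's own, not any tool's API.

```python
import math
import struct
from collections import Counter

# Flag bits in the second header word of a DNS message (RFC 1035, section 4.1.1).
QR, RD, RA, RCODE_MASK = 0x8000, 0x0100, 0x0080, 0x000F
RCODE_REFUSED = 5


def encode_name(qname):
    """Encode "www.example.com" as length-prefixed labels ending in a zero byte."""
    labels = qname.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname, txid):
    """Minimal A/IN query with RD=1: the packet both an open-resolver probe and a
    home router's own recursive lookup send."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def build_response(query, recursion_served, ip=None):
    """Constructed reply for this offline demo: echoes the id and question, then
    either serves recursion (RA=1, one A record) or refuses it (RCODE=5, no answer)."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    if recursion_served:
        flags = QR | RD | RA
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)  # pointer to question name, A/IN, TTL, rdlength
        rr += bytes(int(o) for o in ip.split("."))
        return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + question + rr
    flags = QR | RD | RCODE_REFUSED
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question


def parse_header(pkt):
    """Unpack the 12-byte header into the fields the checks below need."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": txid, "qr": bool(flags & QR), "ra": bool(flags & RA),
            "rcode": flags & RCODE_MASK, "qdcount": qd, "ancount": an}


def is_open_resolver(query, response):
    """True when a device queried from outside its own network served recursion:
    the reply matches our id, advertises RA and carries an actual answer."""
    h = parse_header(response)
    return (h["qr"] and h["id"] == parse_header(query)["id"]
            and h["ra"] and h["rcode"] == 0 and h["ancount"] > 0)


def accept_answer(query, response, sent_from_port, reply_to_port):
    """What a resolver must verify before trusting an inbound answer to a pending
    query: it arrived on the exact source port the query left from, carries the
    same transaction id, and repeats the same question. A flood of guessed
    answers that misses any one of these is dropped."""
    if reply_to_port != sent_from_port:
        return False
    h = parse_header(response)
    if not h["qr"] or h["id"] != parse_header(query)["id"] or h["qdcount"] != 1:
        return False
    return response[12:len(query)] == query[12:]


def entropy_bits(values):
    """Shannon entropy of observed values; 0 means a fixed, fully guessable value."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def guessable_space_bits(samples):
    """Combined entropy of (source port, transaction id) over observed outbound
    queries. A patched resolver spreads both; a device that pins its source port
    offers only the 16-bit id, which is the weakness the Kaminsky fix addressed."""
    return entropy_bits([p for p, _ in samples]) + entropy_bits([t for _, t in samples])


if __name__ == "__main__":
    q = build_query("www.example.com", 0x1234)
    print("serves recursion:", is_open_resolver(q, build_response(q, True, "203.0.113.7")))
    print("refuses recursion:", is_open_resolver(q, build_response(q, False)))
    pinned = [(32768, t) for t in range(16)]          # constructed: fixed port, 16 distinct ids
    spread = [(1025 + 37 * i, 1000 + 13 * i) for i in range(16)]  # constructed: both vary
    print("entropy pinned port:", guessable_space_bits(pinned), "spread:", guessable_space_bits(spread))
```

To use the first check against a real device you would send `build_query(...)` over UDP to port 53 on the device's WAN address from a host outside its network and feed the reply to `is_open_resolver`; a correctly configured home gateway answers REFUSED or not at all. The entropy figures are only as good as the sample size (16 samples cap each term at 4 bits), so the comparison that matters is between the pinned-port and spread cases, not the absolute number.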

  • by fragMasterFlash ( 989911 ) on Sunday November 15, 2009 @01:10PM (#30106562)
    Several online tools were available to test for vulnerabilities on individual PCs back when Kaminsky discovered the sad state of DNS security. Is there a similar test available for cable modems? How about a list of susceptible devices? I'd rather not put blind faith in my ISP to keep me out of harm's way.
