Linux Pro Magazine » Issues » 2008 » 95 » Security Lessons
High-Volume Service

Alternatively, the attacker can build a web page whose JavaScript makes the victim's browser trigger a DNS lookup for http://www.your-bank.com; the attacker then tries to spoof replies carrying hostile data to the ISP's DNS server.

One more reason that this attack is so likely to succeed is that DNS is a high-volume service, with few sites logging incoming requests and answers, so detection of an attack is extremely unlikely. Attackers can simply hammer away at the server, making thousands of requests and spoofing replies until they succeed.

Are You Vulnerable?

Web-based and command-line tests are available for this vulnerability. They generally trigger a number of DNS lookups from your resolver and examine the source port numbers and transaction IDs of those queries for randomness, so you can see the results quickly. Two web-based tests are available online [1][2].

Additionally, the DNS-OARC center offers a command line-based check that can be accessed with a tool such as dig or nslookup:

$ dig @ip.or.hostname +short porttest.dns-oarc.net TXT
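The porttest check and the web-based tests above work the same way: they watch many queries arriving from your resolver and judge whether the source port and transaction ID vary unpredictably from one query to the next. The following script is an added example (not code from the article or from DNS-OARC) that applies that judgement to a list of observed (source port, transaction ID) pairs. The three samples are constructed for illustration; in practice you would collect the pairs from a packet capture or from the query log of an authoritative server for a zone you control.

```python
"""Score a sample of resolver source ports and transaction IDs for randomness.

Added example, not from the Linux Magazine article. The sample observations
below are constructed; real data would come from a capture of your resolver's
outbound queries.
"""
import math
from collections import Counter


def shannon_entropy_bits(values):
    """Empirical Shannon entropy, in bits per value, of a sequence of integers."""
    n = len(values)
    counts = Counter(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_sequential(values, threshold=0.5):
    """True when at least `threshold` of consecutive steps are +1 or +2 (a counter)."""
    if len(values) < 3:
        return False
    diffs = [b - a for a, b in zip(values, values[1:])]
    small_steps = sum(1 for d in diffs if 0 < d <= 2)
    return small_steps / len(diffs) >= threshold


def score_sample(observations):
    """Summarise port/ID variation and give a verdict in the spirit of porttest."""
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    result = {
        "queries": len(observations),
        "distinct_ports": len(set(ports)),
        "distinct_txids": len(set(txids)),
        "port_entropy_bits": round(shannon_entropy_bits(ports), 2),
        "txid_entropy_bits": round(shannon_entropy_bits(txids), 2),
        "port_sequential": looks_sequential(ports),
        "txid_sequential": looks_sequential(txids),
    }
    # A patched resolver picks a fresh port for each query, so with n queries
    # we expect close to n distinct ports. One fixed port, or a counter for
    # either value, leaves the attacker far fewer guesses to make.
    if result["distinct_ports"] == 1:
        result["verdict"] = "POOR: fixed source port"
    elif result["port_sequential"] or result["txid_sequential"]:
        result["verdict"] = "POOR: sequential ports or transaction IDs"
    elif result["distinct_ports"] >= 0.8 * len(observations):
        result["verdict"] = "GOOD: ports and IDs vary"
    else:
        result["verdict"] = "FAIR: limited port variation"
    return result


# Constructed samples (source_port, txid): an unpatched resolver that pins
# port 53 and counts IDs upward, one that randomises ports but not IDs, and
# a patched resolver.
UNPATCHED = [(53, 1000 + i) for i in range(12)]
SEQUENTIAL_IDS = [
    (41237, 4000), (12890, 4001), (60001, 4002), (3344, 4003),
    (55123, 4004), (18766, 4005), (9987, 4006), (47210, 4007),
    (30505, 4008), (62111, 4009), (21470, 4010), (5051, 4011),
]
PATCHED = [
    (41237, 0x1A2B), (12890, 0xF00D), (60001, 0x0042), (3344, 0x9C81),
    (55123, 0x3E7E), (18766, 0xD5A0), (9987, 0x6B13), (47210, 0x2F9C),
    (30505, 0xE4D2), (62111, 0x8187), (21470, 0x5009), (5051, 0xB6C4),
]

if __name__ == "__main__":
    for name, sample in (("unpatched", UNPATCHED),
                         ("sequential ids", SEQUENTIAL_IDS),
                         ("patched", PATCHED)):
        print(name, score_sample(sample))
```

Twelve queries is enough to tell a fixed or counting resolver from a random one, but for a realistic confidence on the entropy figures you would want a few hundred observations, which is roughly what the online tests collect.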

To fix this vulnerability, you must update your DNS server; almost every vendor released an update in July. After you have updated your DNS server, and assuming you are using BIND, be sure that it is configured properly.

To do so, check your named.conf file and make sure you do not have something such as

query-source port 53;
query-source-v6 port 53;

in it, but instead, something like:

query-source port *;
query-source-v6 port *;
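A pinned query-source port silently undoes the fix, so it is worth checking for it mechanically rather than by eye. The script below is an added example (not from the article or from the BIND project) that scans a named.conf text for query-source and query-source-v6 directives with a numeric port, ignoring commented-out lines, and can rewrite them to port *. It assumes the directive syntax shown above, optionally with an address clause (query-source address X port Y;); the configuration text it scans is constructed for illustration.

```python
"""Audit a BIND named.conf for query-source directives that pin the source port.

Added example, not from the Linux Magazine article. The sample configurations
are constructed for illustration.
"""
import re

# query-source [address X] port Y;   and the query-source-v6 variant.
QS_RE = re.compile(
    r"(?P<directive>query-source(?:-v6)?)"
    r"(?P<addr>\s+address\s+\S+)?"
    r"\s+port\s+(?P<port>\*|\d+)\s*;"
)


def strip_comments(text):
    """Drop /* */, // and # comments so a commented-out directive is not flagged."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    return text


def find_fixed_ports(config_text):
    """Return (directive, port) for every active query-source with a numeric port."""
    findings = []
    for m in QS_RE.finditer(strip_comments(config_text)):
        if m.group("port") != "*":
            findings.append((m.group("directive"), int(m.group("port"))))
    return findings


def randomise_ports(config_text):
    """Rewrite numeric query-source ports to '*' so named picks a random port per query."""
    def repl(m):
        addr = m.group("addr") or ""
        return f"{m.group('directive')}{addr} port *;"
    return QS_RE.sub(repl, config_text)


# Constructed sample: the bad configuration from the text, and a corrected one.
VULNERABLE_CONF = """\
options {
    directory "/var/named";
    // pinned ports defeat source port randomisation
    query-source port 53;
    query-source-v6 port 53;
    recursion yes;
};
"""

FIXED_CONF = """\
options {
    directory "/var/named";
    query-source address * port *;
    query-source-v6 port *;
};
"""

if __name__ == "__main__":
    for directive, port in find_fixed_ports(VULNERABLE_CONF):
        print(f"{directive} pinned to port {port}")
    print(randomise_ports(VULNERABLE_CONF))
```

Run it against the real file with find_fixed_ports(open("/etc/named.conf").read()) on the host that runs named; an empty result means no directive pins the port, which leaves the patched server free to randomise. Note that a query-source line with no port clause at all is also fine on a patched BIND and is reported as nothing here.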

After you have updated, you should use one of the web-based or command-line tests to ensure it is working as expected.

Conclusions

DNS attacks illustrate both the limitations of some of the protocols in use on the Internet and the robustness inherent in the system, and it is unlikely this kind of attack will ever go away.

Even with the publicity surrounding this issue, a significant portion – upwards of 50 percent, according to some reports – of DNS servers still have not been fixed. Like spam, this kind of attack is something you will have to learn to live with.

The Author

Kurt Seifried is an Information Security Consultant specializing in Linux and networks since 1996. He is married and has four cats but no fish (because the cats are more hungry than afraid of water). He often wonders how it is that technology works on a large scale but often fails on a small scale.
