DNS Flaw Causes Global Panic
In early 2008, Dan Kaminsky, a renowned computer security researcher, discovered a fundamental flaw in the DNS protocol. For months he worked in secret with DNS vendors trying to develop a patch that would make exploiting the flaw more difficult. It wasn't until July 8 that the patch and news of the flaw were disclosed. This article will recount the chaotic series of events that have taken place since then.
The Domain Name System (DNS), for those who don't know, is a network of servers mainly used to translate domain names into IP addresses. This way, people don't have to worry about routing arrangements or how the machine locates an IP address; all they need to know is the domain name, which is readable and much easier to remember. The flaw that Kaminsky discovered was within the DNS itself, and made it particularly vulnerable to cache poisoning attacks.
Cache poisoning occurs when someone maliciously tampers with the translation operations of the DNS server. An exploited server that does not ensure that DNS responses come from an authoritative source could potentially cache incorrect entries and serve them to users who request them. An attacker could simply create fake entries that point to files on a server they control, with names matching the files on the exploited server. A user could then be tricked into downloading malicious code. Or, for example, a server might route users to a site filled with spam when they try to visit devshed.com.
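The matching a resolver performs before it caches a reply, shown as an added example that is not from the original article. The `Pending` record, the function names and the sample values in it are constructed for illustration, and the transaction ID, source address, port and question comparisons are standard DNS practice rather than details given on this page.

```python
import struct
from collections import namedtuple

# What the resolver remembers about a query it sent (illustrative field names).
Pending = namedtuple("Pending", "txid server local_port qname qtype")

def build_message(txid, flags, qname, qtype):
    """Build a minimal one-question DNS message (used for constructed samples)."""
    name = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in qname.split("."))
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype); raise ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:  # compression pointers are not valid in the question name
            raise ValueError("invalid label length in question")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def rejection_reasons(pending, msg, src, dst_port):
    """Return why a UDP reply must not be cached; an empty list means it matches."""
    try:
        txid, is_response, qname, qtype = parse_question(msg)
    except ValueError as exc:
        return ["malformed: %s" % exc]
    checks = [
        (is_response, "QR bit not set"),
        (src == pending.server, "reply did not come from the server queried"),
        (dst_port == pending.local_port, "reply arrived on the wrong local port"),
        (txid == pending.txid, "transaction ID mismatch"),
        ((qname, qtype) == (pending.qname.lower(), pending.qtype), "question mismatch"),
    ]
    return [reason for ok, reason in checks if not ok]
```

Every one of these fields can be guessed or spoofed over UDP, so the checks are necessary but do not by themselves prove that a reply is authoritative.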
Naturally, Kaminsky advised all vendors to deploy the patch to their customers. He even provided a DNS checker at the top right corner of his website so that people can check to see if the DNS server they use is vulnerable. The United States Computer Emergency Readiness Team (US-CERT) posted its own notice on the vulnerability along with a list of hardware/software vendors stating whether or not their products are affected. Things seemed to be going smoothly at first, with vendors like Microsoft, Cisco, and Internet Software Consortium (ISC) issuing patches right away.
But we all know the Internet is a dangerous place. Sooner or later something was bound to happen that would throw a wrench into the whole operation. Kaminsky planned to wait thirty days after disclosing the vulnerability before releasing all the details. He “wanted to go public with the issue to put pressure on corporate IT staff and Internet service providers to update their DNS software, while at the same time keeping the bad guys in the dark about the precise nature of the problem.” Unfortunately, people have a hard time keeping their mouths shut.
More By Michael Lowry