New DNS Vulnerability Announced
It was announced yesterday that a serious vulnerability exists in the DNS (Domain Name System) that could allow an attacker to take over a DNS server and corrupt it so that legitimate traffic is diverted to malicious web sites.
If you are not familiar with how DNS works, it essentially functions as an internet phone book (if you are interested in a more technical description with examples, click here). The internet works on what are called Internet Protocol (IP) addresses, but because hostnames are easier for users like you and me to use, we are more familiar with hostnames like yahoo.com, google.com, and cnn.com. What DNS systems do is translate those hostnames to IP addresses so that (for example) Internet Explorer knows where to retrieve web page content from.
So, how does this DNS vulnerability potentially affect you?
If your DNS server is compromised, the hacker could redirect legitimate web traffic (say, to bankofamerica.com) so that, instead of being directed to the IP address for the real bankofamerica.com web site, your computer is directed to a malicious, look-alike web site that is either hosting malware or is set up strictly for the purpose of capturing login credentials to be sold in the underground market.
It is important to note that this vulnerability is related to the actual DNS protocol itself and is not specific to any particular DNS implementation. It is also important to note that at this time there are no known exploits that are taking advantage of this vulnerability. Technical details of the flaw will be released at the Black Hat Conference in Las Vegas on August 6th. Once more specific details are released at Black Hat, all bets are off, so it is important that you test and deploy the patch that is specific to your DNS implementation as soon as possible.
If you are interested in reading more about the information that has been released thus far, you can read the Executive Summary here. You can also read the CERT Advisory that was released here.
Categories: Vulnerabilities
Posted by smasiello at 9:24 AM
