update DNS now!
The discussion about Dan Kaminsky's discovery of the DNS vulnerability just took a new twist, and the vulnerability became a lot scarier. Previously it was agreed that we (the internet) would be given one month to patch our DNS servers. That went down to "now" when Matasano leaked the attack details and the public found out.
Just one day later, the attack is already implemented in metasploit!
What does this all mean?
It means that when you thought you were surfing to "www.google.com" (or any other site) you might end up at, let's say, a p0rn site. Or something like that. Or a fake banking site. Not so bad? Well, think about it. You will (thanks to DNS cache poisoning) end up at the p0rn site every time and not be able to reach google at all. DNS is fundamental to the internet.
So what to do about it?
- check whether your DNS server is vulnerable (you can also script this with: dig +short porttest.dns-oarc.net TXT)
- if it is -> patch! All major DNS server software vendors have released updates.
- Please, take the time for it, now! If you know that your DNS server is unpatched and you cannot patch it yourself, bug your sysadmin.
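An added example (not part of the original post) of scripting the check above: it wraps the dig command, parses the porttest TXT answer, and, for resolvers you can observe directly, rates a sample of outbound UDP source ports for the randomisation the fix introduces. The TXT answer format and the standard-deviation thresholds are assumptions for this example, and the port samples are constructed.

```python
import re
import statistics
import subprocess
from typing import Optional

# Standard-deviation thresholds on observed source ports. Assumed values for
# this example (not taken from the post); adjust to your own policy.
STDDEV_GREAT = 3980
STDDEV_GOOD = 296

# Assumed shape of the porttest TXT answer, e.g. (constructed sample):
# "203.0.113.5 is GOOD: 26 queries in 1.1 seconds from 26 ports with std dev 2381"
_PORTTEST_RE = re.compile(
    r"is (?P<verdict>GREAT|GOOD|FAIR|POOR).*?from (?P<ports>\d+) ports with std dev (?P<stddev>\d+)"
)

def parse_porttest(txt: str) -> Optional[dict]:
    """Extract verdict, distinct port count and std dev from a porttest TXT answer."""
    m = _PORTTEST_RE.search(txt)
    if not m:
        return None
    return {"verdict": m["verdict"], "ports": int(m["ports"]), "stddev": int(m["stddev"])}

def run_porttest() -> Optional[dict]:
    """Run the dig check from the post (needs dig and network access) and parse it."""
    out = subprocess.run(["dig", "+short", "porttest.dns-oarc.net", "TXT"],
                         capture_output=True, text=True, timeout=15).stdout
    return parse_porttest(out.replace('"', ""))

def rate_source_ports(ports: list) -> dict:
    """Rate a sample of UDP source ports a resolver used for its outbound queries.
    A resolver that reuses one port or steps through ports sequentially is the
    unpatched case; a wide spread over many distinct ports indicates the fix."""
    distinct = len(set(ports))
    sd = statistics.pstdev(ports) if len(ports) > 1 else 0.0
    if distinct < 2 or sd < STDDEV_GOOD:
        verdict = "POOR"
    elif sd < STDDEV_GREAT:
        verdict = "GOOD"
    else:
        verdict = "GREAT"
    return {"verdict": verdict, "distinct": distinct, "stddev": round(sd, 1)}

# Constructed samples: a resolver stepping through ports one by one vs. a wide spread.
SEQUENTIAL_PORTS = list(range(1024, 1051))
SPREAD_PORTS = [1500, 64000, 3000, 60000, 5000, 55000, 8000, 50000, 10000, 45000,
                12000, 40000, 15000, 35000, 18000, 30000, 20000, 25000, 22000, 28000]
```

Source ports for rate_source_ports can be collected from a packet capture of the resolver's outbound port 53 traffic; run_porttest needs dig and network access, so it is not exercised offline.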
Aaron Kaplan
(aaron@lo-res.org)
(for background on why people found out so quickly: read this)