Home / News

DNS Attack Code Has Been Published

  • Jul 23, 2008 3:34 PM PST
  • Comments: 0
  • Views: 9,271
Print Comment
By CircleID Reporter

As warned by Dan Kaminsky, Paul Vixie, and numerous other experts experts, it was just a matter of time before an exploit code for the now public DNS flaw would surface. An exploit code for the flaw allowing insertion of malicious DNS records into the cache of target nameservers has been posted to Metasploit, a free provider of information and tools on exploit techniques. According to reports Metasploit creator, H D Moore in collaboration with a researcher named "|)ruid" from Computer Academic Underground, created the exploit, dubbed "DNS BaliWicked Attack", along with a DNS service created to assist with the exploit.

The following description has been provided for the exploit:

"This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious host entry into the target nameserver. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache."

However according to Moore the code has a limitation:

"This exploit can't be used to overwrite an existing cache entry, so attackers will have a hard time spoofing common host names on busy DNS servers. The module added to Metasploit will display the expiration date for any pre-cached entries and automatically wait for that amount of time for completing the attack."

Unfortunately a large number of organizations and ISPs are still unpatched and at risk. "In fact, of the 60 DNS servers I tested, more than half of them were still vulnerable," says Neal Krawetz, owner of computer security consultancy Hacker Factor Solutions, in a blog post. "Considering that many of the 'safe' DNS servers were not vulnerable prior to this situation, this means that far fewer than half of the large ISPs have even reacted to the notice."

Related Sources:
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
http://metasploit.com/.../dns/baliwicked_host.rb?rev=5579
http://blogs.zdnet.com/security/?p=1545
http://blog.wired.com/27bstroke6/2008/07/dns-exploit-in.html

Updates:
|)ruid and HD Moore release part 2 of DNS exploit 7/24/2008 - ZDNet
U.S. Computer Emergency Readiness Team (US-CERT) Acknowledges Publicly Available DNS Exploit 7/24/2008 - US-CERT

Related topics: Cyberattack, Cybercrime, DNS, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:
Print Comment

Comments

To post comments, please login or create an account.

Related Blogs

What Does It Take To Repair Trust? What Will It Take ICANN To Win Back "Trust"? (Part I)

  • Feb 08, 2012
  • Comments: 0

Is ICANN Opening up Public Comment Periods in Bad Faith?

  • Feb 07, 2012
  • Comments: 1

Phish or Fair?

  • Feb 07, 2012
  • Comments: 4

The FBI and Scotland Yard vs. Anonymous: Security Lessons

  • Feb 06, 2012
  • Comments: 0

World Notices That Verisign Said Three Months Ago That They Had a Security Breach Two Years Ago

  • Feb 02, 2012
  • Comments: 2
View More

Related News

DNSChanger Trojan Still Running on Half of Fortune 500s, US Govt

  • Feb 02, 2012
  • Comments: 0

Public-Private Cooperation Policy for Cyber Security Suggested by Commissioner Kroes

  • Jan 31, 2012
  • Comments: 0

DDoS Attacks Increased by 2000% in Past 3 Years, Asia Generating Over Half of Recent Attacks

  • Jan 31, 2012
  • Comments: 0

NASA Website Blocked Due to DNSSEC Error

  • Jan 25, 2012
  • Comments: 0

Websites Go Dark Protesting SOPA and PIPA, Senators Change Course

  • Jan 18, 2012
  • Comments: 0
View More

Topics

Access ProvidersLaw
BroadbandMalware
CensorshipMobile
Cloud ComputingMultilinguism
CyberattackNet Neutrality
CybercrimeP2P
CybersquattingPolicy & Regulation
Data CenterPrivacy
DNSRegional Registries
DNSSECRegistry Services
Domain NamesSecurity
EmailSpam
EnumTelecom
ICANNTop-Level Domains
Internet GovernanceVoIP
Internet ProtocolWeb
IP AddressingWhite Space
IPTVWhois
IPv6Wireless
View More

Industry Updates – Sponsored Posts

.ORG COO Discusses Priorities With DailyVista, Pursuit of .NGO Domain

  • By PIR
  • Views: 287

StarHub to Acquire '.starhub' New Top-Level Domain

ARI Registry Services Signs 21 Contracts in the First Week of New TLD Applications

MarkMonitor to Exhibit at Internet Tech Policy Exhibition and Reception to be Held on Capitol Hill

Sedari Signs With Dot Moscow Bidders

.ORG, The Public Interest Registry Welcomes Nancy Gofus As Chief Operating Officer

  • By PIR
  • Views: 688

Minds+Machines Works with .bayern

Verisign to Award New Infrastructure Research Grants

Being a .PRO When Choosing a Registry Services Partner

UK Cabinet Office Looks to BlueCat Networks' Expertise and Best Practices for Securing PSN

dot Brand Makes Its Debut: Afilias Advises Companies to Act Now for Successful TLD Applications

BlueCat Networks Helps Organizations Transition to IPv6 with HP

BlueCat Networks to Host Webinar on DNS, DHCP and IPAM Featuring Independent Research Firm

Facets of gTLD Registry Technical Operations - Registry Services

Technology and Finance Industries to Dominate New gTLD Applications

Nixu SNS 2.5 Series Gives Fresh Views on DNS

Afilias Says "No" to SOPA

Breaking the DNS: Another Look at How SOPA Could Be Destructive

  • By Dyn
  • Views: 1,359

IPAM and DHCPv6 Shake Hand in Nixu NameSurfer 7.1 Series

2011: A Year in Review, from the Yes2DotAfrica Campaign

View More

Hot Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Neustar UltraDNS

DNS

Sponsored by
Neustar UltraDNS
Afilias

DNSSEC

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign
dotMobi

Mobile

Sponsored by
dotMobi
View More