-
Blogs
-
News
-
Industry
-
Community
-
Topics
The Measurement Factory and Infoblox have announced results of a survey of more than 1.3 million Internet-connected, authoritative domain name system (DNS) servers around the globe. The results of the survey indicate that as many as 84 percent of Internet name servers could be vulnerable to pharming attacks, and that many exhibit other security and deployment-related vulnerabilities.
The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details.
The survey results revealed that many organizations often disregard these critical systems, which perform the functions necessary to make their presence available and accessible on the Internet. The Internet Systems Consortium's BIND software, which performs the domain name resolution function, is often out of date, opening the door to malicious attacks. And, the systems are sometimes mis-configured, potentially compromising network availability.
Following is a summary of the significant survey results:
Related topics: Cyberattack, Cybercrime, DNS, Domain Names, Security
To post comments, please login or create an account.
SecuritySponsored byVerisign | |
DNSSponsored byNeustar UltraDNS | |
DNSSECSponsored byAfilias | |
Top-Level DomainsSponsored byMinds + Machines | |
MobileSponsored bydotMobi |
In October of 2003 a similar survey[1] was perform against the root-zone-listed nameservers. The results were similar - recursion is allowed on way too many root-listed nameservers and zone transfers are not restricted. Because of the hierarchical nature of DNS, this is arguably a bigger/nastier problem since, although someone can (easily) secure their own name server against recursion (threat = cache poisoning) and zone transfers (threat = unintended disclosure), the upstream name server could get poisoned and that poisoning could trickle down.
[1] http://www.credentia.cc/research/dns/cctlds/report-2003-Oct.html