
New DNS Poisoning Scheme Uncovered

Researchers at Google and Georgia Tech have found that a significant number of open recursive DNS servers, which answer DNS lookup requests from any computer, have been compromised and serve malicious mappings. A victim whose computer depends on one of these servers to map domain names to IP addresses may end up at a phishing site instead of at his bank. PC World reports:

The Georgia Tech and Google researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another two percent of them provide questionable results. Collectively, these servers are beginning to form a "second secret authority" for DNS that is undermining the trustworthiness of the Internet, the researchers warned.

The attack works by changing DNS settings on the victim's computer through malware or a malicious Web site and then redirecting the victim to sites of the attacker's choice.

"It's really the ultimate back door," said Chris Rouland, chief technology officer with IBM's Internet Security Systems division. "All the stuff we've deployed in the enterprise, it's not going to look for this."

And that is the biggest problem - we're not looking for this. How often do you check your DNS settings? I use OpenDNS, and it displays an OpenDNS page when I mistype a URL, but that page is easily spoofed. I depend on anti-malware on the desktop and the more secure operating systems, and I try to be careful with questionable Web sites and use McAfee Site Advisor. (McAfee is a sponsor of this site.) Ars Technica argues for something similar but notes it is not a foolproof solution:

Vista's UAC would actually defend a system from this type of attack by notifying the user that a program was attempting to change the system's DNS settings. I'm not sure if current malware software from various vendors would detect and prevent DNS-level hijacking, but again, such protection and notification could be implemented on a software level. The availability of user-level protection is by no means a complete solution to the problem; software companies cannot assume that all users avail themselves of the appropriate level of malware software or install the appropriate patches, but it is a place to start.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net