Is Web 2.0 Breaking the Internet – DNS in the Wild – As Reported Two Days Ago on

Will Web 2.0 break the Internet? If only Bob Metcalfe were around.

On my new blog we reported the DNS vulnerability two days before it hit the mainstream. Why? We’ve been tracking this little security issue for a while. Thanks to Greg Ness. My days of DNS go back 10 years with keywords, then Realnames, ICANN, and Cisco. DNS has problems, and yet it is the backbone of addressing and name resolution on the web.

There are about 11 million servers using the Internet’s Domain Name System (DNS) to direct traffic across the Internet to its proper destinations. About 6 months ago Dan Kaminsky, Director of Penetration Testing at IOActive, discovered a way to exploit long-known DNS vulnerabilities to easily carry out cache poisoning attacks that can compromise the integrity of the Internet. A few highlights from Computerworld’s coverage of the DNS flaw follow:

“DNS servers are responsible for routing all Internet traffic to their correct destinations. The so-called cache-poisoning vulnerability that Kaminsky discovered could allow attackers to redirect Web traffic and e-mails to systems under their control, according to security researchers. The flaw exists at the DNS protocol level and affects numerous products from multiple vendors.”

Jaikumar Vijayan, Computerworld, July 17

Word of the DNS flaw was made public earlier this month thanks to a collaborative update from the likes of Cisco and Microsoft. Details were withheld in order to give administrators time to patch their systems.

The flaw would allow hackers to launch unlimited queries against DNS servers without being detected, allowing them to run simple random number guesses to collect transaction IDs and other critical information that could be used to redirect web traffic to spoof sites. These kinds of attacks can be successful, and in turn, detrimental to an organization’s web presence, in mere seconds.

According to Kaminsky, a weakness exists in a transaction identification process that the DNS protocol uses to determine whether responses to DNS queries are legitimate or not. DNS messages include what are supposed to be random identification numbers, but the problem, according to Kaminsky, is that only about 65,000 different values are currently being used as identifiers. And in reality, the process of assigning the identifiers to packets isn’t especially random and can be guessed, he said.

Jaikumar Vijayan, Computerworld, July 17
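The weakness in the quote above is that a 16-bit transaction ID, handed out predictably and from a fixed source port, leaves an attacker only about 65,000 values to guess. As an added example (not code from the original post or from any of the sources it quotes), the following check lets a resolver operator judge from a captured sample of their own resolver’s outgoing (transaction ID, UDP source port) pairs whether those values are guessable; the two samples below are constructed, one modelling sequential IDs on a fixed port and one modelling randomized IDs and ports.

```python
"""Estimate how predictable a resolver's outgoing DNS query IDs and ports are."""
from collections import Counter
import math

# Constructed samples of (transaction id, UDP source port) pairs, as a resolver
# might emit them. WEAK models sequential IDs always sent from port 53;
# STRONG models IDs and ports spread across their ranges.
WEAK_SAMPLE = [(0x1000 + i, 53) for i in range(32)]
STRONG_SAMPLE = [((i * 40503 + 12345) & 0xFFFF, 1024 + (i * 35761) % 60000)
                 for i in range(32)]


def sequential_fraction(values):
    """Fraction of consecutive IDs that differ by exactly 1 (mod 2^16)."""
    if len(values) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(values, values[1:]) if (b - a) & 0xFFFF == 1)
    return hits / (len(values) - 1)


def shannon_bits(values):
    """Shannon entropy (bits) of the observed values; bounded by log2(sample size)."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def assess(sample):
    """Summarize guessability of a captured sample of (txid, port) pairs."""
    txids = [t for t, _ in sample]
    ports = [p for _, p in sample]
    distinct_ports = len(set(ports))
    # Values a forged response must match: 2^16 IDs times the ports actually
    # seen. With a small sample this is a lower bound on the real space, but a
    # single fixed port already shows the worst case the article describes.
    guess_space = 65536 * distinct_ports
    seq = sequential_fraction(txids)
    return {
        "txid_sequential": seq,
        "distinct_ports": distinct_ports,
        "port_bits": shannon_bits(ports),
        "guess_space": guess_space,
        "per_packet_success": 1.0 / guess_space,
        "predictable": seq > 0.5 or distinct_ports == 1,
    }


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("strong", STRONG_SAMPLE)):
        print(name, assess(sample))
```

A resolver that reports sequential IDs or a single source port is the configuration the patches released this month were meant to change: adding randomized source ports multiplies the space an attacker must cover per forged response.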

While some have speculated whether or not the vulnerability is old news, Mike Fratto had recently delivered a stern warning to patch all DNS servers in his InformationWeek blog:

Since the CERT announcement yesterday about the new vulnerabilities in DNS, there has been a lot of speculation that what Dan Kaminsky found is old news. Thomas Ptacek from Matasano, in an interview with Nathan McFeters at ZDNet, pretty much dismisses the vulnerability as old news and therefore unimportant. That sentiment is echoed on mailing lists and message boards. But in an e-mail today, Kaminsky confirmed that what he found is something very new. I believe him. Forget the arguments. Go patch your DNS servers. Now.

Mike Fratto, InformationWeek, July 9

Making matters worse, a slip-up between security researchers discussing the cache poisoning attack via blog exchanges has inadvertently released details of how to launch an exploit in the wild, making it only a matter of time before real attacks appear.

Here is the coverage from ZDNet yesterday afternoon: Has Halvar figured out super-secret DNS vulnerability?

Clearly irked by a demand request from Kaminsky and others to avoid speculating on the details of the flaw until the patch is fully deployed, Flake (left) published a reliable method to forge and poison DNS lookups.

Ryan Naraine, ZDNet, July 21

You can expect to read much more about this in the coming days, if not hours.

You can find out even more from this recent webinar hosted by Dan Kaminsky and Infoblox VP of Architecture Cricket Liu: DNS Security: Old Vulnerabilities, New Exploits. It is sponsored by Infoblox, and is perhaps one of the most current and informative recorded events on the topic. You can also read more at Kaminsky to discuss DNS flaw at Black Hat sponsored webcast.

For more background, you can read the following articles:

Who is Really at Risk From the DNS Flaw?

Is DNSSEC the Answer to Internet Security?

InformationWeek blog: Stop Arguing and Patch your DNS

Computerworld: DNS flaw discoverer says more permanent fixes will be needed


Author: John

Entrepreneur living in Palo Alto California and the Founder of SiliconANGLE Media
