Internet Security Systems - AlertCon(TM)

Kaminsky DNS attack leaked

Posted by Tom Cross on July 22, 2008 at 12:13 AM EDT.

It seems most likely that the details of Dan Kaminsky's DNS attack have leaked. We now begin the watch for exploit tool releases and active exploitation. It is particularly important that people running vulnerable DNS servers patch, and check to make sure that DNS clients and servers behind NAT devices are not still vulnerable.

Dan Kaminsky made a detailed blog post on Thursday which provided a wealth of mitigation information. I'm including a few of the key links here, including information about implementing secure NAT in Linux and OpenBSD, which can be used to protect vulnerable DNS servers that cannot be patched. DNS resolvers that are behind vulnerable NAT devices can also be set to forward to patched hosts. Make sure to turn recursion off if you are going to forward.
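One way to carry out the check on hosts behind NAT devices: capture the resolver's outbound queries on the public side of the NAT device and examine the UDP source ports that actually leave the network. This is an added example, not code from the original post; the function name, the thresholds and the sample port lists are constructed assumptions.

```python
from collections import namedtuple

Report = namedtuple("Report", "verdict unique spread counter_steps")

# Thresholds are assumptions chosen for this example, not values from the post.
MAX_STEP = 16       # a step this small between consecutive queries looks like a counter
MIN_SPREAD = 16384  # randomized ports should cover a wide part of the 16-bit range


def assess_source_ports(ports):
    """Rate the UDP source ports of consecutive outbound DNS queries.

    `ports` is the ordered list of source ports seen on the public side of
    the NAT device, i.e. after any port rewriting has taken place.
    """
    if len(ports) < 8:
        raise ValueError("need at least 8 observed queries")
    unique = len(set(ports))
    spread = max(ports) - min(ports)
    # Distance between consecutive ports, modulo 2**16, in either direction,
    # so that incrementing and decrementing allocators are both caught.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    steps = sum(1 for d in deltas if min(d, 65536 - d) <= MAX_STEP)
    if unique == 1:
        verdict = "fixed"        # every query leaves from the same port
    elif steps > len(deltas) // 2:
        verdict = "sequential"   # NAT or resolver hands out ports in order
    elif spread < MIN_SPREAD:
        verdict = "narrow"       # varied, but drawn from a small pool
    else:
        verdict = "randomized"
    return Report(verdict, unique, spread, steps)


# Constructed sample observations (not real capture data).
SAMPLES = {
    "patched, direct": [51234, 10233, 40211, 28719, 61002, 3345, 47810, 19944],
    "patched, behind NAT": [1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031],
    "unpatched": [32768] * 8,
    "small pool": [2000, 2900, 2100, 2750, 2300, 2980, 2050, 2600],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:22s} {assess_source_ports(ports)}")
```

Any verdict other than "randomized" on the public side means the patch on the resolver is not reaching the wire, which is the case where forwarding to a patched host applies.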
