Tuesday, 22 July 2008

Major DNS security flaw

In a major collaborative effort, over 80 vendors simultaneously released patches to their DNS software to address a critical vulnerability. DNS, the Domain Name System, forms the basis of how today's Internet works by translating domain names into IP addresses and vice versa. Without DNS you wouldn't be able to type a domain name (such as bbc.co.uk) into a web browser and reach that site.

The current flaw in DNS potentially allows hackers to poison DNS and redirect users to malicious sites rather than the site they intended to visit. The researcher who discovered the flaw, Dan Kaminsky, had attempted to keep technical details of the vulnerability secret until next month in order to give system administrators time to patch their servers against the flaw. However, details of the vulnerability were revealed yesterday, before many systems had been patched.

In a worst-case scenario, a major ISP's DNS servers could be subverted, redirecting a major site such as Google to a malicious site designed to infect visitors' PCs with malware. Such a scenario could result in hundreds of thousands of computers being infected in a very short period of time. With such rewards on offer you can bet the bad guys will be all over this in a flash.

What should you do?

Users are strongly advised to test their DNS servers now to see if they're vulnerable. Dan Kaminsky has a "Check My DNS" applet available on his site here.

If your DNS servers are vulnerable you should contact your ISP (or whoever provides your DNS) and inform them, plus ask them when they intend to patch their servers.

If your DNS servers are vulnerable then you can use the freely available DNS servers provided by OpenDNS until your normal servers can be patched. Windows users should go to Control Panel > Network Connections, right-click on the connection and select "Properties". Then select Internet Protocol (TCP/IP) and click Properties. Select "Use the following DNS server addresses" and enter the following two IP addresses for the Preferred and Alternate DNS servers, respectively: 208.67.222.222 and 208.67.220.220. Linux users should edit the nameserver values in /etc/resolv.conf.

Additionally, if you use a home router to automatically assign network settings then you should also update the DNS server settings in your router.

Users are then advised to retest to ensure their DNS servers are no longer vulnerable.
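For the Linux step above, one way to script the change to /etc/resolv.conf is shown here. This is an added example, not part of the original post; the function names and the .bak backup suffix are assumptions.

```shell
#!/bin/sh
# Added example: point a resolv.conf-style file at the two OpenDNS
# resolvers named in the post. Function names and the .bak backup
# suffix are assumptions made for this illustration.

OPENDNS_PRIMARY="208.67.222.222"
OPENDNS_SECONDARY="208.67.220.220"

# Print the nameserver addresses currently configured in the given file.
# Commented-out entries are ignored because their first field is not
# exactly "nameserver".
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Replace every nameserver line with the OpenDNS pair. Other directives
# (search, domain, options) and comments are kept, and the previous
# contents are saved beside the file as FILE.bak.
set_opendns_resolvers() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp="$(mktemp "${conf}.XXXXXX")" || return 1
    cp -p "$conf" "${conf}.bak" || { rm -f "$tmp"; return 1; }
    {
        awk '$1 != "nameserver"' "$conf"
        printf 'nameserver %s\n' "$OPENDNS_PRIMARY" "$OPENDNS_SECONDARY"
    } > "$tmp"
    # Write through the existing file so its permissions (and any
    # symlink pointing at it) stay as they were.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Typical use, as root:
#   set_opendns_resolvers /etc/resolv.conf && list_nameservers /etc/resolv.conf
```

A DHCP client may rewrite /etc/resolv.conf when the lease is renewed, which is why the router settings mentioned above need updating as well.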
