CNET has a detailed article on yet another threat facing the online presence of businesses, and the Internet itself: DNS cache poisoning.
In a DNS cache poisoning attack, miscreants replace the numeric addresses of popular Web sites stored on the machine with the addresses of malicious sites. The scheme redirects people to the bogus sites, where they may be asked for sensitive information or have harmful software installed on their PC. The technique can also be used to redirect e-mail, experts said.
As each DNS server can be in use by thousands of different computers looking up Internet addresses, the problem could affect millions of Web users, exposing them to a higher risk of phishing attack, identity theft and other cyberthreats. […]
The poisoned caches act like "forged street signs that you put up to get people to go in the wrong direction," said DNS inventor Paul Mockapetris. […] BIND is distributed free by the Internet Software Consortium. In an alert on its Web site, the ISC says that there "is a current, wide-scale...DNS cache corruption attack."
DNS cache poisoning is not new. In March, the attack method was used to redirect people who wanted to visit popular Web sites such as CNN.com and MSN.com to malicious sites that installed spyware, according to SANS Internet Storm Center. […]
According to the article, there are about 9 million DNS servers, and a sample test has shown that as many as 30% might be at risk if targeted by a cache poisoning attack. Given the potential implications, businesses have to upgrade their DNS infrastructures to BIND 9, the latest revision.
The alternative, which also increases the reliability, speed and functionality of a DNS infrastructure, is to switch to the Managed DNS service developed by UltraDNS. Because UltraDNS relies on a custom implementation of the BIND protocol, it is not subject to cache poisoning and other weaknesses of BIND servers. The company manages about 20% of all Internet domain names, through 20+ global and country TLDs (Top Level Domain names), and direct customers like Amazon.com and others. An additional benefit of UltraDNS is that it allows one to propagate DNS configuration changes in quasi real-time, as opposed to a few hours to a couple of days, thanks to a cluster of servers distributed around the world.
Disclosure: I have been involved in UltraDNS as an investor, a board member and more recently a consultant.