17 July 2008 2 views No Comment

The DNS server at IP address 202.188.0.132 is susceptible to a DNS cache poisoning attack. The server is not changing its source port, query id, or both, between queries. This means it is easier than average for an attacker to spoof responses to DNS queries from this server, causing the server to serve a potentially malicious DNS record in response to any query.

Click here for more details on this vulnerability and how to patch it.

If you are not in control of your own DNS server, contact your DNS provider but do not be unduly concerned in the near term. IT administrators have only recently been apprised of this issue, and should have time to safely evaluate and deploy a fix.

Based on the results, the DNS server is vulnerable if the IPs AND the source ports match, or the query IDs match. Matching query source ports or query IDs make it easier to spoof fake results to the DNS server, poisoning its cache.

We encourage you to run DNSreport to make sure your DNS is configured properly. This comprehensive health check runs 55 tests against your domain, pinpoints the issue and offers mitigation steps on how to fix it. You can automate this report with DNSalerts - we will monitor your DNS around-the-clock and notify you via email if problems arise.

Note: This critical DNS flaw was discovered by Dan Kaminsky, Director of Penetration Testing for IOActive. To learn more, visit doxpara.com.

Related posts

• Vulnerability Note VU#800113 (2)
• DNS record types (0)
• What are some best practices when sending to Yahoo! Mail? (0)
• Ubuntu Weekly Newsletter #84 (0)
• The Planet Enhances Web Site with New Video Customer Testimonials (0)