Home » It news » 17 July 2008 » 974 supporters » No Comment »

This DNS server is vulnerable!

17 July 2008 974 supporters No Comment

The DNS server at IP address 202.188.0.132 is susceptible to a DNS cache poisoning attack. The server is not changing its source port, query id, or both, between queries. This means it is easier than average for an attacker to spoof responses to DNS queries from this server, causing the server to serve a potentially malicious DNS record in response to any query.

Click here for more details on this vulnerability and how to patch it.

If you are not in control of your own DNS server, contact your DNS provider but do not be unduly concerned in the near term. IT administrators have only recently been apprised of this issue, and should have time to safely evaluate and deploy a fix.

DNS Server Address Query source port Query ID
202.188.0.132 32791 15158
202.188.0.132 32791 51989

Based on the results, the DNS server is vulnerable if the IPs AND the source ports match, or the query IDs match. Matching query source ports or query IDs make it easier to spoof fake results to the DNS server, poisoning its cache.

We encourage you to run DNSreport to make sure your DNS is configured properly. This comprehensive health check runs 55 tests against your domain, pinpoints the issue and offers mitigation steps on how to fix it. You can automate this report with DNSalerts – we will monitor your DNS around-the-clock and notify you via email if problems arise.

Note: This critical DNS flaw was discovered by Dan Kaminsky, Director of Penetration Testing for IOActive. To learn more, visit doxpara.com.




Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.