Researchers have released software that exploits the recently leaked flaw in the Internet’s Domain Name System (DNS) software. That may mean IT admins are in for a enlarged weekend of implementing and analyzing the patch.

IOActive researcher Dan Kaminsky discovered the bug earlier that month. The attack cipher was released Wednesday by developers of the Metasploit hacking toolkit, headed by the infamous HD Moore.

By exploiting that vulnerability, an attacker can redirect an ISP’s users to a malicious phishing server every day they try to visit a valid Web site. The patches released through various vendors should protect from the threat, but it may be a rush for some.

Understanding the Root of the Threat

The threat emerges from two different issues with the DNS protocol, according to McAfee Avert Labs. DNS primarily uses UDP packets to send questions and receive answers. The client will accept any packet as an reply to its question on

three conditions: the packet is coming from the DNS server, the source and destination ports match the destination and source ports of the question packet and, most importantly, the transaction ID and question match its question.

“An attacker can spoof such an reply packet as towering as he can pretend to be the DNS server and plus guess the source port and transaction ID (the destination port is usually 53),” said Ravi Balupari, a shield researcher at McAfee Avert Labs. “The attacker plus needs to construct certain his spoofed reply packet reaches the client before the actual reply packet from the valid DNS server.”

Complicating matters, when a DNS server replies to a question, it can plus include additional info in the reply to assemble future processes more efficient. Combining the reply packet spoof with the additional knowledge makes the story more interesting considering it makes exploitation easier.

In…

Orginal post by Mike

Gismos Electronic Computers Games News Mechanical Gadgets Reviews Gizmo