Post Fri Nov 03, 2006 3:00 pm

Widespread DNS Weaknesses

This week I attended a conference in Fargo, ND; IT Security: a call to action for the education community.  Being someone that works for a University, I am well aware of the poor reputation that Universities have for security.

One evening while I was there I went over to Barnes and Noble and had the opportunity to browse Hackers Challenge 3, and I read about the DNS Cache attack in Chapter 3.  By the way, that is a great book.

The next day one of the presenters, Joe St. Sauver, was talking about the four biggest monsters that are lurking out there threatening to bite our organizations, and he presented a statistic from a survey that found that 75% of all name servers world wide run as open recursive name servers.  He also provided a link to http://dnsreport.com where you can check out the status of your own domain.  I was disappointed to learn that my own domain has some serious flaws that need to be addressed.

The speaker went on to discuss using open recursive name servers to launch distributed denial of service attacks, or using DNS cache poisoning to lure people to fishing sites.

It was a very good presentation, and if you ever have the opportunity to hear Joe St. Sauver speak I encourage you to take advantage.  The main point of this posting though is to bring up how widespread these problems are, and the damage that can be done.  If 75% of DNS Servers are open to this kind of attack then chances are someone who is reading this is vulnerable.  So please take a moment to check our your domain with http://dnsreport.com.