Skip navigation

Tag Archives: cache poisoning flaw

In News of the DNS flaw Kaminsky (finally) provides DNS flaw details. “In his first public comments since his Domain Name System (DNS) cache poisoning flaw was made public, Dan Kaminsky said in a conference call on Thursday he doesn’t want to parse who said what when. He just wants everyone to understand that they must patch their systems now.” Also Steve Gibson talks about the flaw in his podcast he does every week in episode #155 Bailiwicked Domain Attack & also episode Listener Feedback #47.

“This would be less of an issue if the widely released patch from two weeks ago had been fully deployed, but a number of companies or ISPs don’t seem to have gotten the memo. Accordingly to Kaminsky, some 52 percent of DNS servers are still vulnerable to the attack. This is a marked improvement from the 86 percent vulnerability rate in the days immediately following the patch’s release, but it’s still far too high, especially with dangerous code now squirreling its way across the Internet. Patch deployment is not an instant process, even if the company is on the ball, but we’ll hopefully see the number of patched DNS servers skyrocket in the next few days.

Some publications have dubbed the attack Metasploit, but that term refers to the open-source Metasploit Framework that was used to develop it. As for the exploit itself, it’s a new variation on a classic DNS poisoning theme. It disrupts the normal translation functions of a DNS server, causing it to redirect users to websites other than the ones they intended to visit. A poisoned DNS server, for example, could send someone to when they had actually typed into the address bar. DNS poisoning isn’t new—vulnerabilities have existed for over a decade—but the one Kaminsky discovered increases the power of a successful attack.

Kaminsky has now detailed the methodology of a standard DNS poisoning attack and provides additional information on the vulnerability he discovered. As he describes it, a DNS lookup request is essentially a race between a good guy and a bad guy, each of whom possess certain advantages. The good guy knows when the race begins, and he knows the secret code that’s been sent along with that request in order to verify that the response coming back is actually authentic. The bad guy doesn’t have this code, but he actually decides when the request goes out, and he knows about the request before the good guy does.”

This problem was found by Dan Kaminsky a wile ago and ISP’s did not listen to him so he went public and now the world knows the problem and how to exploit it.  “He just wants everyone to understand that they must patch their systems now.”

“While most of the burden is on the Domain Name System servers and the various systems that support them, the nature of the flaw is such that desktop clients also need to patch their software as well.”

“Still, in the end, protection from any DNS exploit also depends on your upstream ISP providers. As of Monday, researcher Neal Krawetz was reporting that servers at several high-profile ISPs remained vulnerable. ”

You can get more info about this DNS Flaw at

Microsoft Security Bulletin MS08-037

If you want more info about your DNS and if it is safe go to my other post called “Test your DNS NOW!!!” also if you want more info listen to Steve Gibson on episode #155 Bailiwicked Domain Attack & also episode Listener Feedback #47, at (Secure connection) or SSL or at for unsecure. If you want to visit Dan Kaminsky at his blog at or on twitter at dakami. Ohh… one more thing Steve Gibson said that if you go to any site that is on an SSL (Secure Connection) This will be the right sight and can’t be spoffed because they would not allow the certificite for the site to go through because it goes on 443 not 80. Also if you want to laugh or cry or whatever you think this is you can read a poem about the DNS flaw and Dan Kaminsky.

“He decided than rather to disclose all at once he’d instead only tell people who’d fix it in months So some meetings were had and work soon began vendors wrote patches coordinated by Dan Fast forward some time out the closet it came some researcher types got into the game Dan’s rules were quite simple, that in 30 days he’d present during Blackhat and we’ll all be amazed A bunch of big egos called Dan on a bluff said his vuln was a copy of 10 year old stuff So Dan swore them on handshakes and details were provided and those same cocky claims soon all but subsided It seems that Dan’s warnings weren’t baseless at all Said the same skeptical hackers ‘the risk isn’t that small!’ So Blackhat was nearing the web didn’t break then out came a theory from our friend Halvar Flake No sooner had he posted and described the vuln’s guts than Matasano’s blog surfaced, kicked the web in the nuts It said ‘Halvar’s right!’ we’ll no longer keep quiet. The post’s ripple effect caused a nasty ‘net riot The blog quickly was pulled but the cat’s out of the bag the arms race began since there’s no longer a gag Meanwhile the issues of honor and trust rehashed the debate of when disclosure goes bust So Dan’s days of thirty we never did see thirteen is OK but I issue this plea When researchers consider how to disclose and thus when will you think of the users? How it might affect them? This ego-fueled rush to put your name on a vuln has a much bigger impact than you might have known If the point here is really to secure and protect then consider what image you really project In this case the vuln. is now in the wild an exploit is coming DNS soon defiled The arms race has started and the clock now is ticking If you haven’t yet patched you’ll soon take a licking I’m not taking sides really on the disclosure debate but rather the topic of patch early or late What good is disclosure if the world couldn’t cope with the resultant attacks if we’ve all got just hope? There’s two sides to this issue both deserve merit but Dan’s rep has been smeared I say let’s just clear it”

-Christofer Hoff.