Hi malware fighters,
Again an analysis of what impact the DNS vulnerability can have:
Domain Name System-servers translate domain names into ip-addresses.
There are two kind of DNS-servers: authoritative and caching name servers.
Only the latter type of DNS-server (also known as ‘resolving name servers')
is vulnerable for the leak that security expert Kaminsky found.
Caching name servers are not familiar with all domain names on the whole of the Internet,
therefore they send out translation requests to ‘authoritative' DNS-servers.
In such a translation-request the DNS-server asks for the ip-address to correspond with a certain website- or mail address.
The present DNS-hole enables malcreants to pose as an authoritative DNS-server.
They can take over an (unpatched) name server within 0,7 secs
after a ‘brute force' attack has started to fill the cache with fake ip-addresses.
From that moment on they can do more than redirect mail only
or redirect website visitors to fake websites.
They can abuse the File Transfer Protocol (FTP) through the DNS leak
as well as the authentication- and encryption protocol Secure Socket Layer (SSL).
Internet banks use SSL to secure money transactions that go via https.
Also automatic software update services are vulnerable to be abused through a name server.
This for instance to get malware into a commercial Intranet.
According to Kaminsky Windows Update is an exemption to this rule.
polonus
