Author Topic: More and more abuse of the DNS leak seen...  (Read 2694 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
More and more abuse of the DNS leak seen...
« on: August 26, 2008, 12:57:19 AM »
Hi malware fighters,

Again an analysis of what impact the DNS vulnerability can have:

Domain Name System-servers translate domain names into ip-addresses.
There are two kind of DNS-servers: authoritative and caching name servers.
Only the latter type of DNS-server (also known as ‘resolving name servers')
is vulnerable for the leak that security expert Kaminsky found.
Caching name servers are not familiar with all domain names on the whole of the Internet,
therefore they send out translation requests to ‘authoritative' DNS-servers.
In such a translation-request the DNS-server asks for the ip-address to correspond with a certain website- or mail address.

The present DNS-hole enables malcreants to pose as an authoritative DNS-server.
They can take over an (unpatched) name server within 0,7 secs
after a ‘brute force' attack has started to fill the cache with fake ip-addresses.
From that moment on they can do more than redirect mail only
or redirect website visitors to fake websites.

They can abuse the File Transfer Protocol (FTP) through the DNS leak
as well as the authentication- and encryption protocol Secure Socket Layer (SSL).
Internet banks use SSL to secure money transactions that go via https.

Also automatic software update services are vulnerable to be abused through a name server.
This for instance to get malware into a commercial Intranet.
According to Kaminsky Windows Update is an exemption to this rule.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48617
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: More and more abuse of the DNS leak seen...
« Reply #1 on: August 26, 2008, 01:56:31 AM »
As already mentioned in the other thread, all you need to protect yourself from this, is to start using OpenDNS
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

micky77

  • Guest
Re: More and more abuse of the DNS leak seen...
« Reply #2 on: August 26, 2008, 04:58:04 PM »
As already mentioned in the other thread, all you need to protect yourself from this, is to start using OpenDNS
I'd like to thank you for that Bob,you mentioned OpenDNS a few weeks ago.I now use it,it also blocks porn, and virtually anything you want to block.Great, as I now have a pc downstairs for the kids. :)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48617
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: More and more abuse of the DNS leak seen...
« Reply #3 on: August 27, 2008, 06:10:07 AM »
Your welcome micky77,
I've been using it for quite a while and am extremely happy with the added safety features it provides. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet