Righteous Wrath Online Community

General => Lobby => Topic started by: Thorin on July 27, 2008, 01:10:45 PM

Title: New Vulnerability in DNS Servers?
Post by: Thorin on July 27, 2008, 01:10:45 PM
A new vulnerability on DNS servers was found a few months ago, and was detailed recently.  This was actually a scary read: http://www.doxpara.com/

Quote
Before the attack:  A bad guy has a one in sixty five thousand chance of stealing your Internet connection, but he can only try once every couple of hours.

After the attack:  A bad guy has a one in sixty five thousand chance of stealing your Internet connection, and he can try a couple thousand times a second.

After the patch: A bad guy has a one in a couple hundred million, or even a couple billion chance of stealing your Internet connection.  He can still try to do so a couple thousand times a second, but it's going to make a lot of noise.

Basically, the new attack compromises automatically-trusted "in-bailiwick" servers...
Title: Re: New Vulnerability in DNS Servers?
Post by: Tom on July 27, 2008, 01:47:04 PM
Yeah, it's a nasty bug, and it's not specific to one code base, but to MOST DNS servers since it's a design flaw in the DNS protocol itself.

The .org registrar is switching to DNSSEC which will close all sorts of DNS flaws, at least when using the .org namespace.

My firewall's DNS server was susceptible, but an "apt-get update && apt-get upgrade" fixed it :) (I use a local bind9 service, so I don't have to rely on Shaw's crappy DNS or "OpenDNS" which can be annoying when it rewrites results).

If you want to check yours, click the check dns button on that doxpara page :)
Title: Re: New Vulnerability in DNS Servers?
Post by: Lazybones on July 27, 2008, 05:29:18 PM
Unless they updated the test, all it does is check if your DNS new on a random port; there is much more to it than that. Our firewall fails the test but is not vulnerable due to its specific implementation.
Title: Re: New Vulnerability in DNS Servers?
Post by: Tom on July 27, 2008, 06:31:20 PM
Probably because it uses djb; it's one of the only "normal" DNS servers that isn't affected (the implementer worked around the problem a while back).
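
Added example, not part of any post in this thread: a Python sketch of a source-port randomness check of the kind discussed above, run over constructed port observations. The function name and sample values are assumptions; it looks at port randomness only (which, as noted in the thread, is not the whole story) and multiplies the estimated port pool by the 65,536 possible transaction IDs to reproduce the odds in the quote.

```python
TXID_SPACE = 2 ** 16  # DNS transaction ID is 16 bits: "one in sixty five thousand"


def assess_source_ports(ports):
    """Classify a resolver's observed outbound UDP source ports (hypothetical helper).

    Returns (verdict, guess_space): guess_space estimates how many
    (source port, transaction ID) pairs a forged reply would have to match.
    """
    if len(ports) < 3:
        raise ValueError("need at least three observed queries")
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("UDP ports must be in 1..65535")

    # Step between consecutive queries, modulo the 16-bit port range.
    deltas = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}

    if deltas == {0}:
        # Same port every time: only the transaction ID protects the query.
        return "fixed", TXID_SPACE
    if len(deltas) == 1:
        # Constant increment: the next port is predictable, so it adds nothing.
        return "sequential", TXID_SPACE

    # Observed span is a lower-bound estimate of the port pool in use.
    pool = max(ports) - min(ports) + 1
    return "randomized", TXID_SPACE * pool


# Constructed sample observations, not captured from a real resolver.
SAMPLES = {
    "unpatched, fixed port": [53, 53, 53, 53, 53, 53],
    "incrementing port": [32768, 32769, 32770, 32771, 32772],
    "patched, random port": [1025, 48211, 17093, 60999, 33021, 9407],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        verdict, space = assess_source_ports(ports)
        print(f"{name}: {verdict}, about 1 in {space:,} per forged reply")
```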