MaldivianDigital® :: Forum

Old 14-07-2008, 12:09 PM
Mudassar will become famous soon enough
DNS threat

Recently, a significant threat to DNS was discovered that would allow malicious people to impersonate almost any website on the Internet. Software companies across the industry have quietly collaborated to simultaneously release fixes for all affected name servers.

  • Insufficient transaction ID space
    The DNS protocol specification includes a transaction ID field of 16 bits. If the specification is correctly implemented and the transaction ID is randomly selected with a strong random number generator, an attacker will require, on average, 32,768 attempts to successfully predict the ID. Some flawed implementations may use a smaller number of bits for this transaction ID, meaning that fewer attempts will be needed. Furthermore, there are known errors with the randomness of transaction IDs that are generated by a number of implementations. Amit Klein researched several affected implementations in 2007. These vulnerabilities are described in the following vulnerability notes:
      • VU#484649 - Microsoft Windows DNS Server vulnerable to cache poisoning
      • VU#252735 - ISC BIND generates cryptographically weak DNS query IDs
      • VU#927905 - BIND version 8 generates cryptographically weak DNS query identifiers
  • Multiple outstanding requests
    Some implementations of DNS services contain a vulnerability in which multiple identical queries for the same resource record (RR) will generate multiple outstanding queries for that RR. This condition leads to the feasibility of a 'birthday attack,' which significantly raises an attacker's chance of success. This problem was previously described in VU#457875. A number of vendors and implementations have already added mitigations to address this issue.
  • Fixed source port for generating queries
    Some current implementations allocate an arbitrary port at startup (sometimes selected at random) and reuse this source port for all outgoing queries. In some implementations, the source port for outgoing queries is fixed at the traditional assigned DNS server port number, 53/udp.

You can visit those websites for more info:

http://www.kb.cert.org/
http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/

Regards,
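
A defender-side check for the three weaknesses listed in the post, added here as an example (it is not part of the original post or of any vendor's code): it audits a batch of a resolver's simultaneously outstanding queries for a fixed source port, a narrow transaction ID range, and duplicate outstanding queries. The sample tuples and the names `audit` and `expected_attempts` are constructed for illustration.

```python
from collections import Counter

# Constructed samples (not real capture data): outgoing queries from two
# hypothetical resolvers, as (source_port, transaction_id, qname, qtype).
WEAK = [(53, 0x0101, "example.com", "A"), (53, 0x0102, "example.com", "A"),
        (53, 0x0103, "example.com", "A"), (53, 0x0104, "example.net", "MX")]
BETTER = [(41822, 0x9C31, "example.com", "A"), (10477, 0x03FE, "example.net", "MX"),
          (58113, 0xE270, "example.org", "A"), (23960, 0x5B0D, "example.edu", "NS")]


def expected_attempts(id_bits=16, source_ports=1):
    """Average guesses needed to hit one (port, ID) pair chosen uniformly."""
    return (2 ** id_bits) * source_ports // 2


def audit(queries):
    """Check one batch of queries that were outstanding at the same time."""
    ports = {q[0] for q in queries}
    ids = [q[1] for q in queries]
    # OR together the bits in which any ID differs from the first one.
    # Bits that never change across the sample suggest a smaller effective
    # ID space (a small sample can undercount the varying bits).
    varying = 0
    for i in ids:
        varying |= i ^ ids[0]
    # Identical (qname, qtype) pairs outstanding together are the condition
    # the post describes under "Multiple outstanding requests".
    dup = {rr: n for rr, n in Counter(q[2:] for q in queries).items() if n > 1}
    return {
        "fixed_source_port": len(ports) == 1,
        "uses_port_53": ports == {53},
        "varying_id_bits": bin(varying).count("1"),
        "duplicate_outstanding": dup,
    }


if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("BETTER", BETTER)):
        print(name, audit(sample))
    print("16-bit ID, one port:", expected_attempts(16, 1), "average attempts")
```
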