Prepare for 'imminent' attack on core Internet DNS

Security experts are warning that an attack on the DNS system by which all Internet service addresses are created, maintained, and used, is imminent, following the accidental publication of the details of a flaw.

Share

Security experts are warning that an attack on the DNS system by which all Internet service addresses are created, maintained, and used, is imminent, following the accidental publication of the details of a flaw.

Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. "It's not that hard," he said. "You're not looking at a DNA-cracking effort."

The author of one widely used hacking tool said he expected to have an exploit by the end of the day Tuesday. HD Moore, author of the Metasploit penetration testing software, agreed with Aitel that the attack code was not going to be difficult to write.

The flaw, a variation on what's known as a cache poisoning attack, was announced on 8 July by IOActive researcher Dan Kaminsky, who planned to disclose full details of the bug during an 6 August presentation at the Black Hat conference.

That plan was thwarted when someone at Matasano accidentally posted details of the flaw, ahead of schedule. Matasano quickly removed the post and apologised for its mistake, but it was too late. Details of the flaw soon spread around the Internet.

And that's bad news, according to Paul Vixie, president of the company that is the dominant maker of DNS software, the Internet Systems Consortium. Vixie, like others who were briefed on Kaminsky's bug, did not confirm that it had been disclosed by Matasano. But if it had, "it's a big deal," he said.