DNS Cache Poisoning Issue Update

Published: 2008-07-30. Last Updated: 2008-07-30 21:20:49 UTC
by David Goldsmith (Version: 1)

Ok, we have a confirmed instance where the DNS cache poisoning vulnerability was used to compromise a DNS server belonging to AT&T. This PCWorld article covers the incident. The original article makes it sound as though the Metasploit site was 'owned' by this incident when really the issue was that the AT&T DNS server was compromised and was providing erroneous IP addresses to incoming queries. This updated PCWorld article clarifies the first one.

Additional details can be found in this Metasploit blog post.

So we've moved from "the bad guys are out there" past "the invaders are at the gate" and on to "the bad guys are slipping inside". If your organization has not yet patched your DNS servers (see here) , please do so now.

We may be raising our InfoSec status to yellow soon to help raise attention to the serious nature of this issue.

David Goldsmith

Keywords:

4 comment(s)

Comments

Seems to me that we should keep an eye out for DNS poisoning attacks affecting Antivirus websites for downloads of new pattern updates. Not sure how easy it would be to slip in a pattern file with a virus in it, but seems like it might be a significant attack vector.

It would seem as well that Anti-Virus would not be the only target. LavaSoft's Ad-Aware update site has not been available since July 26.
(Both the app's update URL and their own download.lavasoft.com/public site.)

Internet Storm Center

DNS Cache Poisoning Issue Update

Comments

JSK

Jul 31st 2008
1 decade ago

JSK

Jul 31st 2008
1 decade ago

JSK

Jul 31st 2008
1 decade ago

Tinqer

Aug 2nd 2008
1 decade ago

DNS Cache Poisoning Issue Update

Comments

JSK

Jul 31st 20081 decade ago

JSK

Jul 31st 20081 decade ago

JSK

Jul 31st 20081 decade ago

Tinqer

Aug 2nd 20081 decade ago

Jul 31st 2008
1 decade ago

Jul 31st 2008
1 decade ago

Jul 31st 2008
1 decade ago

Aug 2nd 2008
1 decade ago