DNS exploit in the wild

posted Jul 23rd 2008 7:00pm by Eliot Phillips
filed under: news, security hacks

We’ve been tracking Metasploit commits since Matasano’s premature publication of [Dan Kaminsky]’s DNS cache poisoning flaw on Monday knowing full well that a functional exploit would be coming soon. Only two hours ago [HD Moore] and [I)ruid] added a module to the Metasploit Project that will let anyone test the vulnerability (with comment: “ZOMG. What is this? >:-)“). [HD] told Threat Level that it doesn’t work yet for domains that are already cached by the DNS server, but it will automatically wait for the cached entry to expire and then complete the attack. You can read more about the bailiwicked_host.rb module in CAU’s advisory. For a more detailed description of how the attack works, see this mirror of Matason’s post. You can check if the DNS server you are using is vulnerable by using the tool on [Dan]’s site.

[photo: mattdork]

Read

Comments [4]

tagged: cache, dankaminsky, dns, druid, exploit, hdmoore, matasano, metasploit

Reader Comments

does the exploit affect the dns servers running the internet or just home systems?

Posted at 7:46 am on Jul 24th, 2008 by ejonesss

This affects any server not already patched.
If a major isp were to have an unpatched server someone could redirect sites to wherever they like.

Posted at 9:49 am on Jul 24th, 2008 by Mark

Time Warner RoadRunner DNS servers in Florida are still unpatched. :(

Posted at 7:38 pm on Jul 24th, 2008 by User

Time Warner never seemed keen on their DNS servers. I’ve had trouble before with their DNS servers not being up to date or simply not working right, and I bet the last thing they’d do to them is patch them immediately. Time Warner is a big ISP too, and I’d wish they’d wisen up on that a little, in case hell breaks lose.

Posted at 9:26 pm on Jul 24th, 2008 by winphreak

DNS exploit in the wild

Recent Posts

Reader Comments

Leave a Reply

Hacks

Resources

RSS newsfeeds

Most commented on (30 days)

Recent comments