DNS Exploit In The Wild


We’ve been tracking Metasploit commits since Matasano’s premature publication of [Dan Kaminsky]’s DNS cache poisoning flaw on Monday knowing full well that a functional exploit would be coming soon. Only two hours ago [HD Moore] and [I)ruid] added a module to the Metasploit Project that will let anyone test the vulnerability (with comment: “ZOMG. What is this? >:-)“). [HD] told Threat Level that it doesn’t work yet for domains that are already cached by the DNS server, but it will automatically wait for the cached entry to expire and then complete the attack. You can read more about the bailiwicked_host.rb module in CAU’s advisory. For a more detailed description of how the attack works, see this mirror of Matason’s post. You can check if the DNS server you are using is vulnerable by using the tool on [Dan]’s site.

[photo: mattdork]

4 thoughts on “DNS Exploit In The Wild

  1. Time Warner never seemed keen on their DNS servers. I’ve had trouble before with their DNS servers not being up to date or simply not working right, and I bet the last thing they’d do to them is patch them immediately. Time Warner is a big ISP too, and I’d wish they’d wisen up on that a little, in case hell breaks lose.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.