Erik Larkin on the Web
Protecting Against the Critical DNS Bug: Executive Summary

Attack details on how to quickly take over a vulnerable DNS server - essential for every network to guide Internet traffic - are now officially public after researcher Dan Kaminsky's BlackHat presentation. If you want to make sure your company is safe, here's what you need to know.

1. It's real. While some have charged that the risk has been overblown, it's clear that the flaw allows for hijacking an entire network's Internet traffic. All e-mails sent outside the company could be intercepted. Any attempt to visit any external Web site from a company PC could be forced to run an attack page instead. Similar flaws have been exploited before in just such ways.

2. It requires a careful fix. While applying a patch to DNS servers is essential, it also has to be done carefully. Any change to crucial network infrastructure such as these servers has the potential to effectively shut down your network if it's done wrong. Make sure your IT staff does it carefully - and outside of normal work hours.

3. Internal servers aren't safe. Your IT staff might mistakenly tell you your servers are safe because they sit behind a firewall. They aren't. Kaminsky outlined a number of ways that internal, firewall-protected servers could be poisoned (such as sending an e-mail from an attacker-controlled domain, which forces a DNS lookup).

4. An easy check: To see if your company servers are vulnerable, run Kaminsky's easy check at doxpara.com (click the 'Check my DNS' button on the upper right). A thumbs-up doesn't necessarily mean your entire network is safe, as you may have different DNS servers in use for different parts of your network.

5. Your fix-it options: Apply the patch for your particular DNS server. Or switch to a protected service like OpenDNS, where you use their servers.

On a final note, Kaminsky says that most home users are probably safe, as the ISP servers they use for DNS are likely updated. But you can use Kaminsky's test from home, and if your ISP has a problem you can also use OpenDNS.

For technical details on the flaw, take a look at from his BlackHat presentation.
