Saturday, October 25, 2008

DNS Multiple Race Exploiter

DNS Multiple Race Exploiter is a tool that exploits an inherent flaw in the DNS Server Cache. By sending many queries to a DNS server along with fake replies, an attacker can successfuly writes a fake new entry in the DNS cache. Also, this type of attack can overwrite an existing entry. For example, if the DNS server's cache already has www.example.com => 1.2.3.4, the attack can overwrite it with www.example.com => 4.3.2.1. The attack is made easy since the majority of DNS servers does not randomize the UDP source port number. Patched DNS servers randomize the UDP source port number, however, that will not eliminate the flaw; it will only increase the time required to poison the cache. Poisoning unpatched systems would take a period seconds, however, poisoning patched systems would take a period of hours. DNS Multiple Race Exploiter is made to attack both patched and upatched systems.

The attack has been discovered by Dan Kaminsky, and announced by him in July 2008.

DNS Multiple Race Exploiter

No comments: