Article

Experts warn of DNS vulnerabilities

Bill Brenner

An attacker could exploit vulnerabilities in implementations of the Domain Name System protocol to cause a denial of service in a variety of products, British-based National Infrastructure Security Co-Ordination Centre (NISCC) said.

The NISCC advisory

    Requires Free Membership to View

said "many vendors include support for this protocol in their products and may be impacted to varying degrees, if at all." Two DNS experts, Roy Arends and Jakob Schlyter, found several vulnerabilities in the protocol, an Internet service that translates domain names into Internet Protocol (IP) addresses. Noting the importance of the protocol, the NISCC said, "Because domain names are alphabetic, they're easier to remember. However, the Internet is really based on IP addresses; hence, every time a domain name is requested, a DNS service must translate the name into the corresponding IP address."

The advisory said the vulnerabilities "are a result of liberal interpretation of the DNS protocol by implementers. DNS uses a message format to provide a mechanism to resolve domain names into IP addresses; a message can either be a 'query' or a 'response.' By implementing the protocol in such a way in which a 'response' is allowed to be answered with a 'response,' this will cause messages to bounce back and forth between the servers and hence cause a query-response storm that can result in a denial-of-service attack."

Furthermore, the NISCC said, by sending these implementations a query that appears to originate from the local host on UDP Port 53, the server "will respond to itself and will keep responding to these responses," entering a loop that can exhaust system resources and result in a denial-of-service attack.

Several vendors whose products may be affected are listed in the advisory. Of them:

  • Swedish video networking firm Axis Communications Inc. said the vulnerability has been eliminated from its products.
  • Cisco Systems of San Jose, Calif., is evaluating the vulnerabilities and will release a security advisory if it confirms the vulnerability affects its products.
  • VeriSign Inc. of Mountain View, Calif., said the vulnerability had affected its ATLAS platform but has been corrected. New code addressing the issue was deployed in January.
  • The other vendors listed in the advisory said they investigated the issues and found their products are not affected.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: