DNS exploit code released by Metasploit founder

Experts say DNS attacks against unpatched servers are imminent.

Metasploit Project founder H.D. Moore released the exploit for the recent DNS cache-poisoning vulnerability via his Metasploit Framework.

The code was released Wednesday, a day after noted reverse engineer Halvar Flake successfully guessed the details of the flaw. Flake published his findings on his blog, opening up a flood of questions from researchers about the controlled release of the flaw, and the one month delay in announcing the details.

Security researcher Dan Kaminsky announced the discovery of the flaw July 8 when DNS vendors rallied to conduct a massive coordinated patch release. Kaminsky said he wouldn't reveal details of the flaw until his Black Hat presentation in August. Keeping the details a secret would give IT administrators time to deploy the patch, he said.

Experts say that releasing the exploit code via Metasploit almost assures that attacks will take place. The Metasploit Framework is a tool used to conduct security vulnerability research. It allows security pros to test their systems without having to code their own exploits.

A successful DNS attack could happen in seconds. The technique involves overloading the server with requests until a legitimate answer is received. An attacker must redirect the name server to a bogus IP address and dupe the server into believing that the queried domain is legit.

On his Doxpara Research blog, Kaminsky warned administrators to immediately patch their systems.

Dig deeper on Emerging Information Security Threats

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close