Friday, July 25, 2008

DNS Attack Code Exploit

Metasploit Loads Up DNS Attack Code

Script kiddies and sophisticated hackers gained easy access to code for exploiting a critical flaw in the domain name service (DNS) system when the Metasploit Project added two attacks to its toolkit.

Back on July 9th, an advisory to major vendors of DNS systems advised them to patch their products with all due haste. Security pros with unpatched DNS systems under their purview reading this today need to get this done fast.

The Metasploit Project updated its framework to include code aimed at testing DNS for vulnerability to exploitation. A successful attack against DNS using the method discovered by Dan Kaminsky and confirmed by Halvar Flake would result in requests to a compromised nameserver being silently directed to a different website.

Threat Level learned from Metasploit maintainer and noteworthy security researcher HD Moore about the updates to the testing tool with this code. The two exploits make it "much more effective for wide-scale hijacking," according to Moore.

Much of the threat may have been mitigated already, due to work by Kaminsky and Paul Vixie in coordinating a global response with major vendors of affected products. It won't mean much if admins of vulnerable systems do not apply the patches; one hopes any stragglers will perk up today and get this done.

No comments: