Microsoft offers DNS cache poisoning solution
April 8, 2005
Microsoft has recently updated its customer security advisories for protecting its Windows Server 2003 and Server 2000 software against DNS cache poisoning attacks, as a swift response to heightened security alerts.
The software giant revised its recommended settings for some Windows Server products late Wednesday, clarifying which default configurations could leave computers open to the DNS poisoning threat.
The security update was triggered by a report from the Internet Storm Center that it had received notices of a number of DNS cache poisoning attacks.
Sophistication of phishing attacks is increasing at a rapid pace.
DNS cache poisoning involves the practice of hacking into domain name servers and replacing the numeric addresses of legitimate Web sites with the addresses of malicious sites.
The scheme typically redirects Internet users to bogus Web pages where they may be asked for sensitive information or have spyware installed on their PCs,
In early March, ISC first warned of DNS cache poisoning attacks that were redirecting users to Web sites hosting malicious software, including spyware. The attacks involved several different technologies, including Microsoft server software and security applications made by antivirus specialist Symantec.
A second round of attacks in late March attempted to funnel Web surfers to sites that marketed prescription medications, and the spyware attacks reappeared over the course of the last week, the ISC said.
In a posting to the watchdog group's Web site, ISC researcher Kyle Haugsness said that the individuals launching the DNS attacks continue to shift their strategies to prey on those who have not updated their server settings.
"After monitoring the situation for several weeks now, it has become apparent that the attacker(s) are changing their methods and toolset to point at different compromised servers in an effort to keep the attacks alive," Haugsness wrote in the report.
The issue affects Windows Server 2003 (standard, enterprise and datacenter editions), Windows 2000 Server (also the advanced and datacenter versions) and Windows NT Server 4.0 standard edition, Microsoft said in its advisory. Servers with Service Pack 3 installed, or that run software sold after the update was released, are already protected from DNS cache pollution by default. Otherwise, the needed settings must be turned on using the products' DNS Management Console.
Get the best Linux or Windows Web hosting plan for your website.
ISC also outlined a second DNS cache poisoning scenario that exploits Microsoft products. Windows DNS servers, when they forward data to another server, expect the other servers to "scrub out" cache poisoning attacks. However, ISC said that in some cases, Windows DNS servers accept all data they receive in such transactions, regardless of their settings. The group recommended that people check to make sure that their server software is filtering out the DNS threats.
The increased frequency of DNS cache poisoning attacks led ISC to raise the threat rating for the problem to "yellow," indicating the emergence of a "significant new threat." The group's Infocon Internet infrastructure safety barometer, which tracks the gravity of threats to the Web's backbone, is similar to the color alerts used by the U.S. Department of Homeland Security.
While the yellow rating is only the third most severe score on ISC's four-color scale, it's worth noting that the group previously applied the same ranking to some of the Web's worst virus attacks, including the MSBlast and Slammer epidemics.
Source: C-Net News
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing