Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Serious security vulnerability in BIND 9 DNS server


Add to     Digg this story Digg this

August 8, 2007

Various Internet security firms warn that a serious vulnerability in BIND 9, the software widely used in the Web’s DNS addressing system. Most users of this popular software, which include ISPs and large Web hosting providers, are being cautioned to repair the security holes in this software immediately, in order to prevent end users from being victimized by pharming attacks, when they are directed to a website set up by cyber criminals.

BIND 9, or Berkeley Internet Name Domain ver. 9, is among the most widely used software packages used on DNS (Domain Name System) servers.

When an Internet user types a Web address into a browser, the request goes to a DNS server, which finds the corresponding numerical IP address and locates the specific Web site that was requested.

For inherent security reasons, when a browser queries a DNS server, a random 16-bit transactional ID is used to verify the response from the server. But according to Amit Klein, CTO (chief technology officer) at security vendor Trusteer Ltd., the transaction ID isn't random at all and very easy to predict by a would-be attacker.

The vulnerability in BIND 9 could allow a potential hacker to force the DNS server to return an incorrect website to a user, a deceptive method known as DNS cache poisoning, commonly referred to as pharming.

Klein added that the problem exists in all BIND 9 releases when the software is being used in a caching server configuration.

Other security observers also confirmed the problem.

Johannes Ullrich, chief technical officer of the SANS Internet Storm Center wrote “this is very much a feasible attack. It is best to patch and secure your BIND server as soon as conveniently possible.”

Ironically, Klein released his paper the same day that Internet Systems Consortium Inc. issued a security patch for the same problem. ISC is a nonprofit organization and the caretaker of BIND 9, which is used on about 80 percent of the DNS servers on the Internet.

ISC advised users to install an upgrade for BIND 9 from its Web site.

The problem is particularly worrisome since most desktop security software isn't effective at preventing this style of attack, Klein wrote. The attack doesn't directly involve a user’s computer or the DNS server, but rather data that is cached on that server.

Today, most modern DNS servers cache queries, or store them in RAM memory, simply to improve and speed up overall performance.

However, if a potential attacker requests a Web address that isn't stored in the server’s cache, a hacker could flood the cache with falsified information, such as the address of a completely different Web site, which would then be returned for future DNS queries, Klein wrote.

Add to     Digg this story Digg this

Source: IT World Canada


Save Internet's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer