[1st-mile-nm] Fwd: A note from Dan Kaminsky, Researcher of the DNS issue, for ISPs

Marianne Granoff granoff at zianet.com
Tue Jul 22 07:57:16 PDT 2008


For the last several weeks Dan and others have been urging
folks to upgrade. Dan is putting something out now, because the
vulnerability was brought out in public.


>Dear ISP:
>
>As you have probably read, a large collection of DNS vendors, software
>publishers, and researchers published an update to their DNS servers and
>clients.  There is now publication of the details of the vulnerability, which
>means an exploit is more likely.
>
>The root cause of the vulnerability is a lack of entropy (randomness if
>you will) in the UDP ports used by DNS.  The updates randomize the ports
>that are used by DNS.
>
>However, there is an issue (http://blogs.iss.net/archive/dnsnat.html)
>that some NAT devices undo the randomization of the ports and re-write
>the ports in a sequential number.   This in effect re-introduces the
>vulnerability to customers.   Many customers are behind these devices
>and customers using a low-end device are far less likely to understand
>the issues compared to customers behind a more powerful router or
>firewall device.  Obviously consumers are a likely group to be in this
>situation, but so are SOHOs and other small and medium business
>customers.
>
>While the NAT device manufacturers evaluate the situation and determine
>what their response should be, there is one strong workaround.  It
>involves setting up your DNS in the way described here
>(http://www.isc.org/sw/bind/docs/forwarding.php).  This means that the
>customer is relying on the ISP's server to be updated.
>
>Therefore I am urging all ISPs to make sure they update their servers,
>and encourage their users to update their systems.
>
>For more information you can go to my research page:
>http://www.doxpara.com/
>
>
>Dan Kaminsky
>IO Active
>
>
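The note's root cause is low entropy in the UDP source ports a resolver uses, and its warning is that a port-rewriting NAT can silently undo the fix. The script below is an added example, not part of Dan's note or of this list post: it takes the source ports of successive queries from one resolver, in arrival order, as captured on the public side of the NAT (for instance at an authoritative server the ISP operates), and reports whether they look sequential or randomized. It goes slightly beyond the note by also flagging a NAT that shuffles ports within a small block. The three port lists are constructed samples, not real captures.

```python
"""Check whether a resolver's outbound DNS source ports look randomized.

Added example. Feed it the UDP source ports of successive queries from one
resolver, in arrival order, as seen on the public side of any NAT. A NAT that
rewrites ports sequentially shows up as steps of +1 with almost no entropy in
the step sizes, even though the resolver behind it was patched.
"""
import math
from collections import Counter


def sequential_fraction(ports):
    """Fraction of consecutive query pairs whose source port rose by exactly 1."""
    if len(ports) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    return hits / (len(ports) - 1)


def step_entropy_bits(ports):
    """Shannon entropy, in bits, of the port-to-port step sizes.

    Sequential allocation gives a single step value (0 bits); a randomizing
    resolver gives steps that are almost all distinct.
    """
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if not steps:
        return 0.0
    counts = Counter(steps)
    n = len(steps)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def span_bits(ports):
    """log2 of the port range actually used.

    A NAT confined to a small block is weak even if it shuffles within it.
    """
    if not ports:
        return 0.0
    return math.log2(max(ports) - min(ports) + 1)


def classify(ports):
    """Return a verdict ('sequential', 'low-entropy' or 'randomized') plus metrics."""
    frac = sequential_fraction(ports)
    step_bits = step_entropy_bits(ports)
    span = span_bits(ports)
    if frac >= 0.9 or step_bits < 1.0:
        verdict = "sequential"
    elif span < 10.0:
        verdict = "low-entropy"
    else:
        verdict = "randomized"
    return {"verdict": verdict, "sequential_fraction": frac,
            "step_entropy_bits": step_bits, "span_bits": span}


# Constructed samples (not real captures).
# A patched resolver seen directly: ports spread across the 16-bit space.
PATCHED_DIRECT = [53211, 4017, 61337, 28001, 1792, 45120, 9875, 33302,
                  60011, 12467, 51004, 7777, 39210, 22953, 64011, 15634]
# The same resolver seen through a NAT that hands out ports in order.
PATCHED_BEHIND_NAT = list(range(1025, 1025 + 16))
# A NAT that shuffles ports but only within a 64-port block.
PATCHED_BEHIND_SMALL_BLOCK_NAT = [1040, 1031, 1077, 1025, 1066, 1050, 1083, 1029,
                                  1071, 1035, 1060, 1045, 1087, 1054, 1026, 1079]

if __name__ == "__main__":
    for name, sample in (("direct", PATCHED_DIRECT),
                         ("behind sequential NAT", PATCHED_BEHIND_NAT),
                         ("behind small-block NAT", PATCHED_BEHIND_SMALL_BLOCK_NAT)):
        print(name, classify(sample))
```

A handful of queries is enough to spot the sequential case, since a single +1 walk is unmistakable; the span check needs more samples to be meaningful, because a short capture from a genuinely random resolver can by chance land in a narrow range.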

