
Poisoned DNS Woes Grow

It's been weeks since Dan Kaminsky revealed that the Domain Name System (DNS) that underlies the Internet's address routing system was dangerously flawed. It's been a slightly shorter time since patches were released, and yet unpatched DNS vulnerabilities still exist and are beginning to be exploited. Why aren't we surprised?
The latest example of a poisoned DNS cache -- an exploit that can direct browsers to malicious Web sites -- involves a DNS server on one of China's largest Internet Service Providers (ISPs).

The exploit on the evidently unpatched China Netcom DNS server takes advantage of mistyped domain names: ISP customers who strike a wrong character risk being redirected to a malicious Web site.

There are plenty of other indications that a storm of DNS exploits and exploit attempts is beginning to gather force. E-mail security company MessageLabs, for instance, has detected a more than 50 percent increase in what it describes as "suspicious DNS traffic" over the last few weeks.

Like everybody else, bMighty has been talking about the DNS problem for a while, and the fact that we're still talking about unpatched DNS servers -- and especially unpatched servers at major ISPs -- indicates that we'll continue to do so for a while yet.

Not sure about your own ISP's DNS server? There's a tester button on Dan Kaminsky's homepage that's worth a click. (He's added an experimental mail server test as well.)
