One-quarter of DNS servers are still not patched against cache poisoning, study says
More than six months after the discovery of security flaws in the Internet's core addressing system, many Domain Name System (DNS) servers are still open to attack, according to a study published today.
According to a report on DNS trends published by Infoblox and the Measurement Factory, approximately one in four DNS servers still does not perform source port randomization, the chief patch for the so-called "Kaminsky vulnerability" that was discovered by researcher Dan Kaminsky in the first half of last year and fully disclosed at the Black Hat conference in August.
"A surprising number have not been upgraded and are very vulnerable to cache poisoning," the report states.
The study, which took a sample of 5 percent of the Internet's IPv4 address space -- about 80 million addresses -- also showed that more than 40 percent of Internet name servers allow recursive queries, which is one of the design flaws that might enable attackers to abuse Internet address spaces for their own purposes. About 30 percent allow zone transfers to arbitrary requestors, another flaw that could lead to vulnerabilities such as those discovered by Kaminsky.
Only 0.002 percent of DNS zones in the test were found to support DNSSEC, which is widely viewed as a possible "next step" in reducing the effects of DNS security flaws. "Administrators have not been convinced of its importance -- perhaps intimidated by its complexity -- but new mandates could mean a significant change in the near future," the study says.
The researchers found that 90 percent of DNS server operators are running the most current version of BIND, and that reliance on the vulnerable Microsoft DNS Server has dropped to 0.17 percent. Adoption of IPv6, which is designed to provide greater security, continues to be slow, the study says.
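One way to check your own resolvers for the missing source port randomization the report describes, given as an added example that is not part of the original article or the study. It rates the UDP source ports a resolver used for outbound queries, as logged at an authoritative server you operate. The function names, the thresholds, and the sample addresses and ports are assumptions constructed for illustration.

```python
import statistics

MIN_SAMPLES = 10      # assumed minimum before judging a resolver
STDDEV_FLOOR = 3000   # assumed cut-off for "too narrow a port pool"

def assess_source_ports(ports):
    """Rate the UDP source ports one resolver used for outbound queries."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient-data"
    distinct = set(ports)
    if len(distinct) == 1:
        return "fixed-port"        # every query leaves from the same port
    # Step between consecutive queries, modulo the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(0 < d <= 16 for d in deltas):
        return "sequential"        # counter-driven, next port is predictable
    if statistics.pstdev(ports) < STDDEV_FLOOR or len(distinct) < len(ports) // 2:
        return "weak"              # small or heavily reused port pool
    return "randomized"

def audit(observations):
    """Map each resolver address to its verdict."""
    return {ip: assess_source_ports(p) for ip, p in observations.items()}

# Constructed sample: ports seen at an authoritative server you control,
# keyed by resolver address (RFC 5737 documentation range).
SAMPLE = {
    "192.0.2.10": [53] * 12,
    "192.0.2.11": list(range(1025, 1037)),
    "192.0.2.12": [32768, 32790, 32771, 32805] * 3,
    "192.0.2.13": [49231, 1893, 33012, 60211, 12877, 27654,
                   45120, 8099, 55310, 19942, 38761, 3055],
    "192.0.2.14": [4000, 5000],
}

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE).items():
        print(f"{ip:<12} {verdict}")
```

Any verdict other than "randomized" marks a resolver to patch or reconfigure; a NAT device in front of a patched resolver can also rewrite ports into a narrow range, so measure from outside the network edge.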