/v3-uk/news/1966889/first-dns-attacks-reported
28 Jul 2008, Shaun Nichols, V3
The first attacks to use the so-called Kaminsky DNS vulnerability have surfaced, according to reports.
A user named James Kosin sent details of the attack to a Fedora Linux mailing list.
Kosin posted a log which he said was gathered on the night of 24 July. The attack attempts to access the server cache for entries for sites such as MySpace, eBay and Wachovia.
The attack targets a vulnerability in the Domain Name System in which an attacker could alter the cache on a DNS server to redirect site requests to malicious third-party sites.
"The spooks are out in full on this security vulnerability. Patch or upgrade now," wrote Kosin.
Industry experts, including Kaminsky himself, have issued similar warnings to administrators. Kaminsky held off releasing the details of the flaw until vendors could release a patch.
Exploit code for the vulnerability was posted last week as a module for the Metasploit framework.
Experts believe that most major ISPs and vendors have patched the flaw, but poorly maintained DNS servers could still be open to the attack.
Not an attack
That client IP (143.215.143.11) points back to the Georgia Institute of Technology. Likely someone doing their own tests and not a phisher/spammer/attacker.
Posted by Kevin, 28 Jul 2008