DNS exploit haunts researcher

A researcher saw his company affected by a flaw for which he helped to write an exploit

A security researcher who helped to develop a DNS exploit is seeing the implications firsthand after an attack on a local ISP resulted in traffic redirections for his company.

H D Moore, who crafted the original DNS exploit module, said in a blog posting that an attacker managed to run the cache-poisoning attack on a server belonging to AT&T's internet service in Austin, Texas.

As a result of the attack, servers at BreakingPoint Systems, the network security firm which employs Moore as director of security research, redirected employee machines from Google.com to a third-party site loaded with advertisements.

The attacks came with a dose of irony for Moore, who last week released the first working exploits for the highly-publicised DNS flaw.

The researcher downplayed the incident, scoffing at reports that his company had fallen victim to the attack.

"The attack itself was not malicious, did not load malware and had zero impact from an operational standpoint," Moore wrote.

"No systems were compromised, no data was stolen and, most importantly, the target of the attack was the ISP, not the company that I work for."

The attack is the latest attempt at an 'in the wild' attack on the so-called Kaminsky DNS flaw.

Dan Kaminsky discovered the flaw last spring and had been attempting to keep the details under wraps until a presentation at next month's Black Hat conference in Las Vegas.

Kaminsky had worked with major vendors on a fix for the flaw which led to the largest coordinated patch release in history.

His efforts were ultimately thwarted, however, when fellow researcher Halvar Flake stumbled on the vulnerability and publicly posted the details.