Home Business IT Security Nominum clobbers DNS cache poisoning vulnerability
Internet software company, Nominum, has released a new version of its DNS server software that is claimed to offer much greater protection from the notorious DNS cache poisoning vulnerability unveiled earlier this year by security researcher Dan Kaminsky.

By exploiting the cache poisoning  vulnerability hackers can insert a false IP address into the cache of domain name-to IP-address references maintained by all ISPs, and many enterprise systems, redirecting a request for a genuine site to any site of their choosing.

Nominum software provides DNS  services for some 120 million broadband users around the world and it was quick off the mark to implement the initial fix for the Kaminsky vulnerability. However this fix, a technique know as UDP source port randomisation, did not address the underlying problem: it simply made exploitation several orders of magnitude harder. And in fact one researcher claims to have already cracked this protection but he was operating over a 10GBE Lan which enabled him to make many more attempts per hour than would be possible over the public Internet.

Now, according to Nominum, a new release of its Vantio caching DNS server platform "provides multi-layer intelligent defences that defeat DNS cache poisoning and other attacks, including the recently publicised Kaminsky vulnerability...[and that] far surpasses the recently released industry standard UDP source port randomisation (UDP SPR)....[and] negates the brute force advantage attackers gained with the latest DNS cache poisoning vulnerability.'

Dr Paul Mockapetris, chairman and chief scientist at Nominum and inventor of the DNS, said: "Literally one day after details of the Kaminsky cache poisoning attack were revealed, UDP source port randomisation was defeated in 10 hours by security researchers using brute-force spoofed response. Nominum's multi-layered approach eliminates the risk of a successful attack."

Key benefits claimed for the new release are that it:
- Resists and stops all forms of cache poisoning attacks;
- Defends automatically against query response spoofing and takes attackers out of loop;
- Prevents hijacking of subscriber traffic, or 'pharming" attacks;
- Identifies perpetrators and records attack attempts;
- Provides protection in enterprise and service provider networks that use network address translation (NAT), which can undermine UDP SPR;
- Reduces the chance of poisoning answers for valuable domains to zero.

FREE REPORT - IT MONITORING TOOLS COMPARISON

Are you looking to find the most efficient IT Monitoring tool available?

IT Monitoring is an essential part of the operations of any organisation with a significant network architecture.

Multiple IT monitoring platforms are available on the market today, supporting the various needs of small, medium-sized, and large enterprises, as well as managed service providers (MSPs).

This new report studies and compares eight different IT monitoring products in terms of functionality, operations, and usability on the same server platform with 100 end devices.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

Download your free report to find out.

DOWNLOAD!

Stuart Corner

 

Tracking the telecoms industry since 1989, Stuart has been awarded Journalist Of The Year by the Australian Telecommunications Users Group (twice) and by the Service Providers Action Network. In 2010 he received the 'Kester' lifetime achievement award in the Consensus IT Writers Awards and was made a Lifetime Member of the Telecommunications Society of Australia. He was born in the UK, came to Australia in 1980 and has been here ever since.

Connect