One in four domain name servers wide open to attack
by Stuart Corner   
Friday, 14 November 2008
Dan Kaminsky's discovery earlier this year of a new way to attack domain name servers caused near panic in the global Internet community and a rush to implement protection measures. But one in four servers remains vulnerable, according to a survey undertaken by Infoblox.

"Given the heightened awareness of DNS server vulnerabilities due to the recent Kaminsky discovery, it is surprising to see how many organisations are still leaving their DNS systems as potential victims of attack," said Cricket Liu, vice president of architecture at Infoblox.

The survey also found that almost half of all domain name servers are vulnerable to distributed denial of service attacks. It came just days after Arbor Networks released its annual Worldwide Infrastructure Security Report, which found the size of DDoS attacks far outstripping bandwidth growth in the network.

Arbor reported that the largest attack - a 40Gbps flood mounted as an extortion attempt - was ended only by the target organisation paying money to the perpetrators.

Liu added that "Even if an enterprise has gone to the trouble of patching against the Kaminsky vulnerability, there are many other aspects of configuration, like recursion and open zone transfers, that should also be secured.

"If not, organisations are essentially locking their door to their house, but leaving the windows wide open. Organisations clearly need to pay more attention to configurations and deployment architectures that are leaving their DNS infrastructures vulnerable to attacks and outages."

Infoblox says its survey was based on a sample that included five percent of the IPv4 address space, nearly 80 million addresses. It found that:

- One in four DNS servers does not perform source port randomisation - the basic 'patch' for the Kaminsky vulnerability;

- More than 40 percent of Internet name servers allow recursive queries. "[These are] a danger both to themselves and others – they are vulnerable to cache poisoning and distributed denial of service attacks," Infoblox claims.

- Thirty percent of DNS servers surveyed allow zone transfers to arbitrary requestors, leaving them easy targets for denial-of-service attacks.
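A defender-side check for the first finding, as an added example that is not from the article or from Infoblox: point the resolver under test at an authoritative server you control, log the UDP source port of each query it sends, and rate the sample. The port lists below are constructed; a fixed or strictly sequential port is the pre-patch behaviour, a wide non-repeating spread is what source port randomisation produces.

```python
import math
from collections import Counter

# Constructed samples of UDP source ports observed from three resolvers.
FIXED_PORTS = [53] * 20                      # unpatched: always the same port
SEQUENTIAL_PORTS = list(range(1024, 1044))   # unpatched: predictable increment
RANDOM_PORTS = [41022, 5389, 60131, 19876, 33502, 7741, 52290, 28114, 63355,
                12908, 45067, 2217, 57836, 36492, 21053, 49980, 9664, 30277,
                55518, 16345]                # patched: wide, non-repeating spread

def rate_port_randomisation(ports):
    """Return (verdict, effective_bits) for a list of observed source ports.

    POOR: fixed or strictly sequential port (the behaviour the Kaminsky patch
          removes); the next port is predictable, so it adds 0 bits.
    FAIR: ports vary, but only within a narrow range or with many repeats.
    GOOD: wide, evenly spread sample, close to one distinct port per query.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observations")
    n = len(ports)
    counts = Counter(ports)
    # Shannon entropy of the observed distribution; log2(n) is the maximum
    # for n observations and is reached only when every port is distinct.
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    sequential = all(b - a == 1 for a, b in zip(ports, ports[1:]))
    if len(counts) == 1 or sequential:
        return "POOR", 0.0
    spread = max(ports) - min(ports)
    if spread < 1024 or entropy < 0.9 * math.log2(n):
        return "FAIR", round(entropy, 2)
    return "GOOD", round(entropy, 2)

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_PORTS), ("sequential", SEQUENTIAL_PORTS),
                         ("random", RANDOM_PORTS)):
        print(name, rate_port_randomisation(sample))
```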

The long-term solution to the Kaminsky vulnerability, and a host of other threats to DNS, is DNSSEC, but the survey found that only 0.002 percent of DNS zones tested support DNSSEC.

"Administrators have not been convinced of its importance - perhaps intimidated by its complexity - but new mandates could mean a significant change in the near future," Infoblox said.