Internet open to attack on DNS

***Brian Turner*** · 01-05-2006, 01:49 PM

Quite surprising - but apparently up to 85% of the net could be wiped out by simple co-ordinate attacks on DNS servers:

http://www.platinax.co.uk/news/28-04...erious-attack/

Quote:

The problem is due to the way that website addresses work, which relies on a small number of computers around the world - known as servers - to direct surfers to any particular website.

This becomes an acute issue if one or more of these computers does not have up to date security patches applied.

On this issue alone, up to a third of all websites are vulnerable because of poor security keeping on a large number of servers.

However, if combined with simple attacks to knock out the best patched servers, as much as 85% of the internet’s websites could be affected.

I never realised how vulnerable the net was to such possibilities - but how difficult would it be to modify the internet's architecture properly to prevent such theoretical attacks?

rtroxel · 01-05-2006, 04:00 PM

how difficult would it be to modify the internet's architecture properly to prevent such theoretical attacks?

Nothing needs to be modified. The internet servers need to be duplicated. This is called redundancy, and it's as old as the Internet itself.

The Internet was begun in 1969 in the US in order to duplicate key data processing centers in major cities. Any government data on taxes, the military or whatever would be transmitted daily to processing centers in obscure parts of the US, like Ithaca, NY. Then, if the Soviets dropped the Big One on Washington, no government data would be lost.

To put that in modern (or more peaceful) terms, businesses should duplicate their day's work on backup servers. Institutions that operate DNS servers should have backups as well, and they probably do. If an Internet worm knocks down one DNS server, a new one can be rolled into position quickly (I hope).

***Brian Turner*** · 02-05-2006, 08:58 AM

Certainly the article raises the point of needing more redundancy - but there's also the issue of weaknesses in DNS itself Have you seen this?
http://www.threadwatch.org/node/6164

rtroxel · 02-05-2006, 01:07 PM

Brian,

I checked the article on Threadwatch, as well as the forum on Webmasterword at:
http://www.webmasterworld.com/forum5/7481.htm

I'm not familiar with this specific problem, but a good way to check on whether your servers are operating correctly is with DNSReport.com. It is a free testing service. There is also a forum at:
http://www.dnsstuff.com/pages/forums.htm

Not to sound like an alarmist, but I did run a test on www.platinax.co.uk, and it returned numerous errors and warnings:

Open DNS servers
Missing (stealth) nameservers
Stealth NS record leakage
Reverse DNS entries for MX records

***Brian Turner*** · 02-05-2006, 02:42 PM

Hm...thanks for that - I guess I'd better chase this up.

**TWD-Tony** · 02-05-2006, 03:49 PM

Missing (Stealth) servers and stealth NS leakage are probably reporting the same error - usually caused when more than one set of nameservers are used on the same domain.
Reverse DNS is slightly more serious as some email systems can reject emails without a rDNS entry.

**TWD-Tony** · 02-05-2006, 05:04 PM

Here is a small how-to on how to fix the open DNS servers error and recursive DNS lookups - you will need root access to your server to fix it (or get your host to fix it) http://www.webhostingworld.co.uk/lin...8.html#post645

01-05-2006, 04:00 PM	#2 (permalink)
rtroxel Senior Member Join Date: Oct 2004 Location: Bel Air, Maryland Posts: 414	Re: Internet open to attack on DNS how difficult would it be to modify the internet's architecture properly to prevent such theoretical attacks? Nothing needs to be modified. The internet servers need to be duplicated. This is called redundancy, and it's as old as the Internet itself. The Internet was begun in 1969 in the US in order to duplicate key data processing centers in major cities. Any government data on taxes, the military or whatever would be transmitted daily to processing centers in obscure parts of the US, like Ithaca, NY. Then, if the Soviets dropped the Big One on Washington, no government data would be lost. To put that in modern (or more peaceful) terms, businesses should duplicate their day's work on backup servers. Institutions that operate DNS servers should have backups as well, and they probably do. If an Internet worm knocks down one DNS server, a new one can be rolled into position quickly (I hope).

02-05-2006, 08:58 AM	#3 (permalink)
*Brian Turner* Business Guru Join Date: Dec 2003 Location: Near Inverness, Highlands, Scotland Posts: 7,933	Re: Internet open to attack on DNS Certainly the article raises the point of needing more redundancy - but there's also the issue of weaknesses in DNS itself Have you seen this? http://www.threadwatch.org/node/6164 __________________ SEO specialist.

02-05-2006, 01:07 PM	#4 (permalink)
rtroxel Senior Member Join Date: Oct 2004 Location: Bel Air, Maryland Posts: 414	Re: Internet open to attack on DNS Brian, I checked the article on Threadwatch, as well as the forum on Webmasterword at: http://www.webmasterworld.com/forum5/7481.htm I'm not familiar with this specific problem, but a good way to check on whether your servers are operating correctly is with DNSReport.com. It is a free testing service. There is also a forum at: http://www.dnsstuff.com/pages/forums.htm Not to sound like an alarmist, but I did run a test on www.platinax.co.uk, and it returned numerous errors and warnings: Open DNS servers Missing (stealth) nameservers Stealth NS record leakage Reverse DNS entries for MX records

02-05-2006, 02:42 PM	#5 (permalink)
*Brian Turner* Business Guru Join Date: Dec 2003 Location: Near Inverness, Highlands, Scotland Posts: 7,933	Re: Internet open to attack on DNS Hm...thanks for that - I guess I'd better chase this up. __________________ SEO specialist.

02-05-2006, 03:49 PM	#6 (permalink)
TWD-Tony Super Moderator Join Date: May 2005 Location: Manchester Uk Posts: 512	Re: Internet open to attack on DNS Missing (Stealth) servers and stealth NS leakage are probably reporting the same error - usually caused when more than one set of nameservers are used on the same domain. Reverse DNS is slightly more serious as some email systems can reject emails without a rDNS entry. __________________ Tony Total Web Development - Business Website Solutions. Check out the latest football rumours at football-transfer.com! Give you business a social networking presence that works for you.

02-05-2006, 05:04 PM	#7 (permalink)
TWD-Tony Super Moderator Join Date: May 2005 Location: Manchester Uk Posts: 512	Re: Internet open to attack on DNS Here is a small how-to on how to fix the open DNS servers error and recursive DNS lookups - you will need root access to your server to fix it (or get your host to fix it) http://www.webhostingworld.co.uk/lin...8.html#post645 __________________ Tony Total Web Development - Business Website Solutions. Check out the latest football rumours at football-transfer.com! Give you business a social networking presence that works for you.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode