Weapons of Mass Redirection
Protecting your users from malicious DNS servers
12:40 PM -- So you’re just starting to get your arms around the Web exploit threat, and now yet another threat rears its ugly head: the silent but deadly attack of the corrupted DNS resolution server. (See DNS Inventor Warns of Next Big Threat.)
Also known as DNS resolution path corruption, the attack occurs when compromised or bad DNS servers provide false information that sends users to malicious sites. In a newly released study, researchers from Georgia Tech and Google found 68,000 of these DNS servers on the Net. Paul Mockapetris, the inventor of the Domain Name System (DNS) and chief scientist and chairman of the board for network naming and address vendor Nominum, calls this threat “weapons of mass redirection.”
Most users don’t even have a clue that they connect to a DNS server, malicious or not. Mockapetris says there are still ways to help keep your end users safe from this type of attack, though.
First, make sure your local DNS servers are trustworthy, possibly with the help of your ISP. “Even if [you're] using free software, use the latest version,” he says. And make sure any DNS registry modifications get monitored, he adds.
Mockapetris recommends educating "road warriors" about the dangers of WiFi hotspots. Have them use a VPN connection over these Internet links. And don’t forget to secure your own intranet, he says: “Make sure that your DNS server technology is up to date. Consider DNS server software that actively looks for and defeats attacks if you are a high-value target.”
You can also block port 53 (DNS) and force users to connect to your internal DNS servers. “If packets are blocked, check the sending machines for registry modifications," Mockapetris says.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
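One way to act on the port 53 advice above, as an added example that is not from the article or from Mockapetris: the script reads firewall log lines for blocked DNS traffic and lists the internal hosts that tried to reach outside resolvers, so those machines can be checked first. The log format (iptables LOG style with a `DNS-BLOCK` prefix), the resolver addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Assumption: the internal resolvers clients are supposed to use (hypothetical).
APPROVED_RESOLVERS = {ip_address("10.0.0.53"), ip_address("10.0.1.53")}

# Constructed sample: iptables LOG-style lines from a rule dropping outbound DNS.
SAMPLE_LOG = """\
Jan 10 12:40:01 gw kernel: DNS-BLOCK IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.53 LEN=60 PROTO=UDP SPT=51544 DPT=53
Jan 10 12:40:02 gw kernel: DNS-BLOCK IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.53 LEN=60 PROTO=UDP SPT=51545 DPT=53
Jan 10 12:40:07 gw kernel: DNS-BLOCK IN=eth1 OUT=eth0 SRC=10.0.5.40 DST=198.51.100.7 LEN=72 PROTO=TCP SPT=40112 DPT=53
Jan 10 12:40:09 gw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.5.41 DST=198.51.100.9 LEN=52 PROTO=TCP SPT=40200 DPT=445
Jan 10 12:40:11 gw kernel: DNS-BLOCK IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=192.0.2.99 LEN=60 PROTO=UDP SPT=51600 DPT=53
garbage line that should be skipped
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def blocked_dns_by_host(log_text, approved=APPROVED_RESOLVERS):
    """Map each source host to {resolver: packet count} for port-53 traffic
    aimed at servers outside the approved set."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("DPT") != "53" or fields.get("PROTO") not in ("UDP", "TCP"):
            continue  # not DNS (DNS uses both UDP and TCP on port 53)
        try:
            src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        if dst not in approved:
            hits[str(src)][str(dst)] += 1
    return {host: dict(dsts) for host, dsts in hits.items()}


def triage_order(hits):
    """Hosts to inspect first: most distinct outside resolvers, then most packets."""
    return sorted(hits, key=lambda h: (-len(hits[h]), -sum(hits[h].values()), h))


if __name__ == "__main__":
    found = blocked_dns_by_host(SAMPLE_LOG)
    for host in triage_order(found):
        print(host, found[host])
```

A host that keeps querying a resolver it was never assigned is the "sending machine" whose DNS settings are worth inspecting.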