A DNS server compromised by a hacker could be used to funnel Web surfers to all sorts of phishing attacks and malicious Web sites and even cause havoc with directory services and e-mail in some cases, according to the father of the technology, Paul Mockapetris.
"Once you control the DNS server, you have license to do phishing and pharming attacks and mislead all the users of that DNS server," says Mockapetris, who in 1983 proposed the Domain Name System (DNS) architecture and is acknowledged, along with the late Jon Postel, as the technology's inventor.
The issue is a timely topic after Microsoft announced late Thursday that a vulnerability exists in its DNS server that could allow a hacker to take over the service.
Mockapetris says users with the Microsoft DNS server also should be concerned about Active Directory because the DNS holds start-up configuration data for the directory.
"I don't know the details of the Active Directory protocol, but there are obvious opportunities for mischief," he says, including denial-of-service attacks.
"E-mail is routed via DNS, so if you took over DNS you could misdirect e-mail. There is a lot of opportunity there," Mockapetris says.
The key is that DNS holds a trusted relationship with users because it is the node that directs them to Web sites based on the URLs that are typed into a browser's address bar or clicked on from a "Favourites" menu.
"The trust relationship is hierarchical. So what you get to do if you take over a DNS server is you get to confuse all of the clients that depend on that DNS server," Mockapetris says.
He says attacks that try to add bogus information to DNS servers or take them over completely have been around for quite some time. Microsoft's DNS vulnerability just opens up another avenue that is likely more of a danger to corporate users.
Large ISPs typically run their DNS servers on Unix or Linux running BIND, Nominum or other software and not on Microsoft DNS services, so consumers would likely not be those most at risk, says Mockapetris, who is now the chief scientist for Nominum.
Corporations, on the other hand, do use Microsoft DNS either internally on intranets or as a pipeline to the Web.
A hacker controlling a DNS server would have access to DNS logs to determine which sites users go to, such as a bank, and could alter DNS records to redirect users to a bogus site that looks like the bank and then record passwords and other sensitive data. Users also could be redirected to hacker Web sites that would install malicious code on end-user PCs.
"If you take over the box, you can tell users whatever you like in response to their DNS queries," says Mockapetris. "You can see where people want to go and decide the most effective way to attack those users based on their patterns."
The attacks can go on relatively unnoticed given the trust inherent in DNS and the fact that it works behind the scenes.
"If a DNS server misdirects a request, a sophisticated user might notice but the vast majority of users won't," he says.
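A defender's check for the silent misdirection described above, as an added example that is not part of the original article: it compares answers from the DNS server under suspicion with answers from an independent reference resolver for the record types the article names (Web addresses, mail routing, Active Directory start-up data). All names, addresses and record sets are constructed sample data, and `compare` and `normalize` are hypothetical helper names.

```python
# Constructed sample data (documentation address ranges, hypothetical names).
# REFERENCE: answers from an independent resolver the defender trusts.
# OBSERVED:  answers from the internal DNS server being checked.
REFERENCE = {
    ("bank.example.", "A"): {"192.0.2.10", "192.0.2.11"},
    ("corp.example.", "MX"): {"10 mail.corp.example."},
    ("_ldap._tcp.dc._msdcs.corp.example.", "SRV"): {"0 100 389 dc1.corp.example."},
    ("intranet.corp.example.", "A"): {"198.51.100.5"},
}
OBSERVED = {
    ("bank.example.", "A"): {"203.0.113.66"},
    ("corp.example.", "MX"): {"10 MAIL.corp.example.", "5 mx.unexpected.example."},
    ("_ldap._tcp.dc._msdcs.corp.example.", "SRV"): {"0 100  389 dc1.corp.example."},
}


def normalize(rdata):
    """Lower-case and collapse whitespace so formatting differences don't alert."""
    return {" ".join(r.lower().split()) for r in rdata}


def compare(reference, observed):
    """Return one finding per (name, type) whose observed answer set differs."""
    findings = []
    for key in sorted(reference):
        ref = normalize(reference[key])
        obs = normalize(observed.get(key, set()))
        if obs == ref:
            continue
        if not obs:
            kind = "no-answer"          # server dropped the record entirely
        elif not (obs & ref):
            kind = "replaced"           # nothing in common: full redirection
        elif obs - ref:
            kind = "extra-records"      # e.g. a more-preferred MX slipped in
        else:
            kind = "missing-records"    # subset of the expected answers
        findings.append({"name": key[0], "type": key[1], "kind": kind,
                         "unexpected": sorted(obs - ref)})
    return findings


if __name__ == "__main__":
    for f in compare(REFERENCE, OBSERVED):
        print(f"{f['kind']:16} {f['type']:4} {f['name']} {f['unexpected']}")
```

Names served by content delivery networks can legitimately return different addresses to different resolvers, so a real baseline should pin only records the organisation controls or expects to be stable.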









