Software blamed for DoS attack vulnerability

Outdated and untested software used to run the Internet address system has undermined online security, an Australian company warns.

Sydney-based DeMorgan said 30 per cent of the computers controlling the ".com" domain name system (DNS) - including several of the highest-level root servers - are vulnerable to "denial of service" and other attacks because they are running software that is outdated or was never meant for commercial release. Such attacks, which overwhelm a server with bogus requests for information, recently crippled large e-commerce sites, such as the recent attacks on Dingo Blue and sites such as IDG (publisher of Computerworld).

The company released the widely disputed study last week finding just 20 per cent of DNS servers in Australia have installed the recommended DNS server software, which received a substantial security upgrade last November. DeMorgan also concluded that as many as 75 per cent of DNS servers worldwide have failed to install the upgrade.

The report is controversial because some experts insist that core DNS root servers are safe and robust.

Root servers act as control switches on the Internet, taking requests from one domain and showing it how to reach addresses in another.

Without them, Internet surfers would be unable to reach destinations.

DeMorgan CIO Craig Wright said one of the highest-level root servers - ".com" root server A, administered by Network Solutions (NSI) could let intruders compromise the system.

"Some of the codes are vulnerable to either a root compromise or DDoS (Distributed Denial of Service) attacks," Wright said.

"These are mission-critical servers that control the Internet. There seems to be no control to make these people actually update their patching."

Join the newsletter!

Error: Please check your email address.

More about DeMorgan

Show Comments