Posts tagged attack

New York, NY (openPR) July 24 June 2007

Trusteer announced today that its CTO and security researcher Amit Klein has cracked random and showed a new BIND attack, most Internet users. In this “DNS forgery pharming attack fraudsters can remotely force consumers fraudulent websites, without having to go to a computer or network.

DNS and BIND?

When a user enters a domain address such as www.bank.com in the address bar of the browser associated with the operating system file to the IP address with this domain address available to connect users to the site. This is done transparently sending a Domain Name System (DNS) query to a DNS server, which is basically a large collection of domain addresses and their corresponding IP addresses. The DNS server returns a DNS response that contains the IP address of the requested site. The most popular DNS server is now developed BIND (Berkeley Internet Name Domain) and through the Internet System Consortium (ISC) is maintained.

RNG BIND

To DNS response forgery, an attack in which the fraudster sends a fake response with an incorrect IP address of the computer to avoid sets a standard BIND DNS security mechanism, based on a randomly generated number. This mechanism prevents fraudsters who do not know the road between the user and the DNS server from forging DNS responses and direct users to the wrong server.

RNG BIND can be injured

However, security expert and CTO, Amit Klein Trusteer has a serious flaw implementation of BIND, the fraudsters to efficiently random numbers without the need to create the route between the user control can be predicted, detected, and the DNS server. With this vulnerability fraudsters can remotely forge DNS responses and direct users to fraudulent websites. The fraudulent Web site, the user can access the sign stealing or alter the user’s communication with the site.

“This is a devastating attack,” said Small, “through targeted a specific ISP’s DNS server the fraudster simply direct all ISP users tried to a fraudulent website each time the user to access the correct website. There are nothing to do, the user can to prevent the attack. “

DNS manipulation attack is also known as pharming, and this common belief is that fraudsters should not inhibit the user’s computer or the DNS server itself to launch the attack known. This vulnerability enables an attack, pharming works even if the user’s computer and the DNS server is highly secured.

Trusteer advises ISPs and companies use to manage a BIND 9 DNS server in a cache configuration to the latest patch from the ISC. Existing desktop security solutions can not protect against such attacks since DNS forgery pharming does not the user’s computer or the DNS server, but the cached data on the DNS server. Mutual authentication solutions, such as Trusteer report, which strongly authenticates the destination website and prevents access to unauthenticated websites defeat the attack.

More information

Vulnerability to the ISC on 29 June 2007 reports.

A patch has been released 23rd July 2007. Administrators should update 9.2.8-P1, BIND 9.3.4-P1 BIND, BIND 9.4.1-P1 or BIND 9.5.0a6 BIND.

Affected systems: All versions of BIND 9 in the server configuration cache name

CVE: CVE-2007-2926

Trusteer research is available at: http://www.trusteer.com/docs/bind9dns_s.html

About

Trusteer

Trusteer is a privately held company by senior internet security with the special expertise in the enterprise and security of desktop computers, founded. The flagship product, Rapport protects online business “client-side attacks such as phishing, pharming, man, key logging, man-in-the-middle-in browser and all other threats to identity and client-side attacks against financial fraud. Unlike traditional approaches, which provide only partial solutions, revolutionary approach to prevention protects Trusteer control the risks associated with many client threats.

clear = “all”
DNS Server