DNS Recursion - Open DNS Servers
"On 2008 July 08, Tuesday, technology vendors from across the industry will simultaneously release patches for their products to close a major vulnerability in the underpinnings of the Internet. While most home users will be automatically updated, it's important for all businesses to immediately update their networks.
This is the largest synchronized security update in the history of the Internet, and is the result of hard work and dedication across dozens of organizations."
"An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control."
Further Discussion at WebmasterWorld...
Previous DNS Recursion Coverage
On 2006 March 13, Monday, we posted a topic at WebmasterWorld concerning a threat that has been lying dormant for years and has now become a mainstream concern. It all has to do with your DNS servers and recursion, specifically allowing non-authoritative DNS queries. Most sites may not need to be concerned with this, but those whose name servers fail the check should definitely address the problem.
"One or more of your name servers reports that it is an open DNS server. This usually means that anyone in the world can query it."
Are your DNS Servers open for DNS Recursion? Run a DNS Report and find out.
Open DNS Servers - Katrina of Internet Storms
2008 News on DNS Recursion
2006 News on DNS Recursion
- 2006-03-31 - DNS Amplification Attacks (.pdf)
In early February 2006, name servers hosting Top Level Domain zones were the repeated recipients of extraordinarily heavy traffic loads. Analysis of traffic by TLD name server operators and security experts at large confirmed that DNS packets comprising the attack traffic exhibited characteristics associated with previously attempted DDoS attacks collectively known as amplification attacks.
- 2006-03-31 - DNS Recursion Attacks - v2.0 Update
US-CERT is encouraging wide dissemination of this paper and organizations that currently have DNS recursion enabled are encouraged to disable it if possible.
- 2006-03-30 - Banks Hit With New Spoofing Attacks
Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type.
- 2006-03-29 - DNS Hackers Target Domain Registrars
Network Solutions and Joker.com hit by DDoSsers. More to follow? Hackers have launched distributed denial of service attacks against the Domain Name System (DNS) servers of a brace of domain name registrars over recent days.
- 2006-03-26 - Domain Registrar Joker Hit By DDoS
Domain registrar Joker.com says its name servers are under attack, causing outages for customers. More than 550,000 domains are registered with Joker, which is based in Germany.
- 2006-03-24 - DNS Servers Do Hackers Dirty Work
Cyber criminals are using DNS servers, the phonebooks of the Internet, to amplify their assaults and disrupt online business.
- 2006-03-20 - SecuriTeam™ - DNS Amplification Attacks
This paper outlines a Distributed Denial of Service (DDoS) attack which abuses open recursive Domain Name System (DNS) name servers using spoofed UDP packets.
- 2006-03-17 - DNS Amplification Attacks (.pdf)
This paper outlines a Distributed Denial of Service (DDoS) attack which abuses open recursive Domain Name System (DNS) name servers using spoofed UDP packets. The risks involved with the recursive name server feature, as well as those of packet spoofing are well known, yet have been treated more as a theoretical issue.
- 2006-03-17 - DNS Recursion Leads to Nastier DoS Attacks
A new kind of denial-of-service (DoS) attack has emerged that delivers a heftier blow to organisations' systems than previously seen DoS threats, according to VeriSign's security chief.
- 2006-03-13 - DNS Recursion - Open DNS Servers
On 2006 March 13, Monday, we posted a topic at WebmasterWorld concerning a threat that has been lying dormant for years and has now become a mainstream concern. It all has to do with your DNS servers and recursion.
- 2006 March - DNS Cache Poisoning - Definition and Prevention (.pdf)
DNS cache poisoning consists of changing or adding records in the resolver caches, either on the client or the server, so that a DNS query for a domain returns an IP address for an attacker’s domain instead of the intended domain.
- 2006-02-28 - Recursive DNS Servers as a Growing DDoS Problem
The attack currently in the wild is a lot bigger and more complicated than this, but to begin, here is an explanation.
- 2006-02-10 - Payment Gateway StormPay Battling Sustained DDoS Attack
Payment gateway StormPay is recovering from a distributed denial of service attack (DDoS) that has kept its web site offline for much of the past two days.
- 2006-02-02 - HP Tru64 UNIX BIND4/BIND8 DNS Cache Poisoning Vulnerability
The vulnerability is caused due to an error in DNS BIND4 and BIND8 when they are configured to be used as the target name server for DNS forwarders. This can be exploited in DNS cache poison attacks to e.g. redirect DNS clients to malicious or spoofed websites.
2005 News on DNS Recursion