Kaminsky's DNS Flaw Unravelled

Techtree News Staff, Jul 22, 2008 1846 hrs IST

In Halvar Flake's view, all you need do is flood a DNS server with multiple requests for similar sounding domain names.

Two weeks ago, when security researcher Dan Kaminsky discovered a critical flaw in the Internet's Domain Name System (DNS), he warned peers not to discuss it publicly lest unscrupulous hackers take undue advantage of it.

It seems his advice has fallen on deaf ears, as researcher Halvar Flake has posted a complete hypothesis describing a simple modus operandi for exploiting this vulnerability.

In Flake's view, all you need do is flood a DNS server with multiple requests for similar-sounding domain names, confusing the poor server into querying a root server for the name server(s) handling lookups for these domains. A hacker could then send this information to a DNS server, making it look like authentic information. Flake's contention is that with so many requests, there is some probability that at least one would match, meaning a hacker could succeed in redirecting a naive user to a fake site, which then goes on to glibly steal his/her private and personal data.
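A defender-side way to spot the query pattern described above, as an added example that is not from the original article or from Flake's post: the script flags any client that asks a resolver for many distinct names under the same parent domain within a short window. The log format, window length, threshold and sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10      # assumed sliding window
MIN_DISTINCT_NAMES = 5   # assumed threshold; tune per resolver

def parent_zone(qname, labels=2):
    """Return the last `labels` labels of a query name (naive; ignores public-suffix rules)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def parse_line(line):
    """Parse a constructed 'epoch_seconds client_ip qname' log line."""
    ts, client, qname = line.split()
    return float(ts), client, qname.rstrip(".").lower()

def find_sibling_floods(lines, window=WINDOW_SECONDS, threshold=MIN_DISTINCT_NAMES):
    """Return sorted (client, zone) pairs that asked for at least `threshold`
    distinct names under one parent zone within `window` seconds."""
    recent = defaultdict(deque)   # (client, zone) -> deque of (ts, qname)
    flagged = set()
    for ts, client, qname in sorted(map(parse_line, lines)):
        key = (client, parent_zone(qname))
        q = recent[key]
        q.append((ts, qname))
        while q and ts - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        if len({name for _, name in q}) >= threshold:
            flagged.add(key)
    return sorted(flagged)

# Constructed sample log: one client sweeping sibling names, one ordinary client.
SAMPLE_LOG = [
    "1000.0 198.51.100.7 aaa1.example.com",
    "1000.2 198.51.100.7 aaa2.example.com",
    "1000.4 198.51.100.7 aaa3.example.com",
    "1000.5 192.0.2.10 www.example.com",
    "1000.6 198.51.100.7 aaa4.example.com",
    "1000.8 198.51.100.7 aaa5.example.com",
    "1030.0 192.0.2.10 mail.example.com",
    "1031.0 192.0.2.10 www.example.com",
]

if __name__ == "__main__":
    for client, zone in find_sibling_floods(SAMPLE_LOG):
        print(f"burst of distinct sibling names: {client} under {zone}")
```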

Kaminsky, whose concern seems to stem from the view that public discussion of a vulnerability only makes it more likely to be exploited by hackers, has declined to comment on Flake's speculation. Kaminsky will wait until the Black Hat Conference in Las Vegas to offer a detailed discussion of the DNS flaw.

Flake is a highly respected name in security circles; even then, he had to go through "DNS-for-dummies" to be able to achieve this feat.


