cancel
Showing results for 
Search instead for 
Did you mean: 

DNS Flaw Revealed

DNS Flaw Revealed

DNS Flaw Revealed

After a royal 'sphericals skyward' by Matasano the other day, Metasploit have finally released an auxiliary module to their framework which exploits the flaw in the DNS protocol*. This is the same flaw that we rolled a fix for (ok, really a workaround, but fixing an entire protocol isn't something which can be done in a matter of months, let alone weeks or days) recently, but as you already know we're not like other companies. We have a very quick turnaround on things of this nature, and for other projects in general. No sooner had the flaw been disclosed (without PoC), NetOps were all over it like a swarm of bees around a honeypot. That's great for us, of course, but what about larger companies? Having had experience of big corporate, red-tape is often a hindrance to security rather than a help. Sure, the guys on the ground would have been chomping at the bit to roll out the fix, but there's every chance it's been held in testing/approval. That being said, considering the nature and severity of the flaw and the potential impact to customers - not to mention any possibility of liability should any of their customers fall victim to a live exploit - their Ops might very well have dodged the red-tape and gone straight in with a fix. If there's one thing red-tape can't stop, it's a boulder hurtling toward you at a hundred miles an hour - and this really was a potentially huge boulder. So, are you safer here than anywhere else? Potentially, yes. Because we're a transparent ISP, we let you know what we're doing to fix the problems we have - often before you even realise we have a problem. Because of our fast turnaround on rollouts, fixes and security updates especially we're in a somewhat unique position in the ISP market to ensure our customers are as protected as they can be. Sure, we've had our problems in the past, but we've learned our lessons well, put measures in place to prevent recurrence of past woes, and generally put our house back in order - and then some. We're in a better place now than we've ever been. All in all PlusNet is a really good place to be, and the recent release of the exploit code into the Metasploit framework, for me, reinforces that opinion. * The exploit is available as an auxiliary module to the Metasploit Framework in the form of a ruby script. Interesting to note, too, that in one of the change reports they used 'doxpara.com' (Dan Kaminsky's domain, the guy who released the information on the flaw) as a default target, but changed it to 'example.com'. The change was logged with the comment 'Be nice to Dan's server :P'. See, even hackers have a sense of humour Wink

0 Thanks
2 Comments
885 Views
2 Comments
glennog
Not applicable
And as if by magic, El Reg runs pretty much the same story http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/
MikeWhitehead1
Not applicable
Just to point out that the Metasploit Framework is actually designed for use by penetration testers; it's just that it's freely available so it gets used for other non-pen-testing purposes. If you have a look through the web front-end code, I'm quite sure you'll see my name pop up a fair few times Wink