Monday, September 15, 2008

what does the new DNS threat mean to you ??

Ok, since this has become such a big issue in the security world now, I thought it would be nice to write a small article on it.
**********************
-> Let's first understand what exactly DNS is.
DNS (the Domain Name System, run by domain name servers) plays a vital role in the working of the internet.
Every day you go to different websites like
www.google.com
www.orkut.com
www.viruswriting.co.cc
These may be easier for a human to remember, but they are all but useless to the machine.
The machine doesn't understand what you mean by, say, “www.google.com”. DNS comes into the picture here.
As you probably know, each computer on the internet is given a unique IP address.
An IP address usually looks like ###.###.###.###; it is a combination of numbers. It is a 32-bit number normally expressed as four “octets” in “dotted decimal” notation. The four numbers are called octets because each one is 8 bits and can have a value between 0 and 255 (2^8 = 256 possible values). Now if you tell the machine to take you to, say, 66.102.9.147 it will understand, but when you tell it to take you to www.google.com, as we discussed above, it won't. This is where DNS plays a vital role: it tells the machine the IP address of the host name that you want to access. Servers usually have a static IP while end users have a dynamic one (the IP changes every time you log back in to your ISP). Seems like an easy task, doesn't it? But consider this with millions of people pouring in millions of requests every second. To this add the number of end users with their changing IPs, and the sometimes changing IP of the server. This becomes complicated.
If you are interested in any more details about how DNS works, please see
http://www.howstuffworks.com/dns.htm
and yes, you can google too. :)
*********************
The Flaw:-
–> The Timeline.
Now the latest flaw that has made the security world get up and take notice is the flaw in how domain name servers resolve the host names sent to them into IP addresses (DNS cache poisoning). Apparently the flaw has been around for years and some experts even knew about it; there's a website (you'll find it through google) that claims to have first found the flaw some years back, and they are angry that no one took notice of them. They also claim to have made a patch for it. But according to the mass media it was first found by Dan Kaminsky somewhere around last year (which I seriously doubt). So all the top-notch security experts spent around a year on it to find a way to patch it. They claim to have found a patch (which I seriously doubted from the first day the reports started flooding in). Anyway, in between, the details of the flaw were put on the net by one of them. This led to it being transferred to all the apparent bad guys. Metasploit has put it in its latest update and there are reports that even Neosploit has (even though the complete project had stopped according to reports in the mass media! lol!!!). Well, you must be wondering, since the patch has already been found, why is this moron writing an article on it. Well, that's the catch: the apparent patch which fixes it all doesn't really fix it.
Recently AOL's and Kaspersky's DNS were hacked using the same flaw even though they had patched it long back. In AOL's case the poisoned entry was google.com.
Every user of its internet service who tried to go to google.com was instead sent to a website which had ads. The objective was only to earn from the clicks on the ads, nothing more. But it could have been much more dangerous. And just a day before, it was reported that a Russian physicist, Evgeniy Polyakov, had written in his blog that he was able to fool a patched DNS using a high-speed internet connection (2 Mbps is more than enough) and a desktop computer (courtesy NYT).
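As an added example (my own code, not part of the original post), here is a toy model of the matching a resolver does before it caches a reply: a reply is accepted only if its 16-bit transaction ID, the UDP port it arrives on, the server it comes from and the question all match an outstanding query. `random_ports=False` models the unpatched resolver that always sends from port 53, leaving the ID as the only unpredictable field; the patch adds the random source port, which is why guessing got much harder but, as the Polyakov result above shows, not impossible. The server and client addresses are constructed documentation-range values.

```python
# Added example (not from the post): toy model of a resolver's reply-matching checks
import random
import struct

def encode_name(name):  # host name -> length-prefixed labels, zero terminated
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def decode_name(data, off):  # inverse of encode_name; no compression pointers
    labels = []
    while data[off]:
        ln = data[off]
        labels.append(data[off + 1:off + 1 + ln].decode())
        off += 1 + ln
    return ".".join(labels), off + 1

def build_query(txid, name, qtype=1):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_answer(txid, name, ip, qtype=1):  # question echoed back + one A record
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    record = b"\xC0\x0C" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + record

def parse_question(pkt):  # (txid, qname, qtype) from a query or reply packet
    txid = struct.unpack("!H", pkt[:2])[0]
    name, off = decode_name(pkt, 12)
    return txid, name.lower(), struct.unpack("!H", pkt[off:off + 2])[0]

class Resolver:
    def __init__(self, random_ports=True):
        self.random_ports = random_ports  # False models an unpatched resolver
        self.pending = {}                 # (txid, port) -> (server_ip, qname, qtype)

    def send_query(self, server_ip, name, qtype=1):
        txid = random.getrandbits(16)
        port = random.randint(1024, 65535) if self.random_ports else 53
        self.pending[(txid, port)] = (server_ip, name.lower(), qtype)
        return build_query(txid, name, qtype), port

    def accept(self, pkt, src_ip, dst_port):
        """Cache the reply only if it matches an outstanding query exactly."""
        txid, qname, qtype = parse_question(pkt)
        if self.pending.get((txid, dst_port)) != (src_ip, qname, qtype):
            return False  # wrong ID, port, source server or question: drop it
        del self.pending[(txid, dst_port)]
        return True
```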
—> Why are the apparent bad guys behind this flaw???
Obviously to exploit it. lol!!
The main objective of anyone who uses this flaw would be phishing. Let's take an example: let's say I am able to poison the DNS server of, say, BSNL (I can tell you that it is exploitable, they haven't even patched yet!!!) and I poison the gmail entry. Next I create a small website which loads just like gmail but also sends the passwords to me, so it would send the passwords to me as well as to the gmail server. You won't see anything wrong; the address would remain the same and everything will happen like it normally would, except that I would have your password. Now imagine if this happened to a government site or, say, a bank site: before you even know it, all the BSNL users would be bankrupt. Moreover, selling these details is a big business.
**********************
Technical details: I am not posting them over here; anyone who is serious enough about this would already have them, and if you don't, Metasploit is the hint!
**********************
What can you do about it???
Pretty much nothing. Now, since the new patch doesn't work completely, you would still be exploitable. Even if we consider the situation where the patch gives us some protection, after you patch you would still end up being vulnerable if your ISP doesn't patch itself.
What are the big players doing???
Yahoo has started a service called sign-in seal. This would be helpful, as chances are that the “apparent bad guys” won't be able to do the same.
There are reports that major players like IBM, Microsoft and Google are moving away from the whole user password (mnemonics) to cryptography which doesn't require the person to enter a password but forms a direct connection. (courtesy again NYT)
These don't help in any way in the whole DNS scenario, but they certainly help in the whole phishing scenario.
***********************
-ghostontherun
